Consumers often seek online reviews of a business on platforms such as Yelp, CitySearch, Yahoo and Google Plus Pages before purchasing products or services. This includes patients seeking online reviews of a physician or other licensed professional before seeking treatment. Unfortunately, a practice known as “Astroturfing” has developed where businesses attempt to create an impression
OCR’s First Settlement with a Business Associate for HIPAA Violations
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) is the first business associate to be held directly liable for violations under the HIPAA rules. CHCS provided management and information technology services to six nursing homes. According to the OCR Resolution Agreement, OCR received separate notifications from each of the six nursing homes
Consequences for Failure to Have a Required Business Associate Agreement
The Department of Health and Human Services, Office for Civil Rights (“OCR”), enforces the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This includes the requirement that Covered Entities (health care providers and health plans) have Business Associate Agreements with their “Business Associates.”
“Business Associates” are persons or entities who “create, receive, maintain or
Sixth Amendment Prevents Pretrial Restraint on Health Care Defendant’s Use of Untainted Funds To Pay Counsel
The Supreme Court held last week that in a federal health care fraud prosecution, the Sixth Amendment prevents the government from obtaining a pretrial freeze of assets that were untainted by the alleged crime and that defendant sought to use to pay her lawyer.
In Luis v. United States, the government alleged that the
Who is a “Qualified Person” for Purposes of Access to a Patient’s Medical Records
In our previous post [found here], we explained that, under the Privacy Rule, HIPAA covered entities (health care providers and health plans) must provide individuals and their “personal representatives” with access to the individual’s protected health information. An individual’s personal representative is determined under State law. In this post, we will define
The Individual’s Rights Under HIPAA to Access their Health Information- Verifying the Identity of the Person Requesting PHI
Under the Privacy Rule, HIPAA covered entities (health care providers and health plans) are required to provide individuals, upon request, with access to their protected health information (PHI) in one or more “designated record sets” maintained by or for the covered entity.
Covered entities are also required to protect the individual’s PHI from unauthorized disclosure.