The latest installation in our series on legislation recently passed by the New York State Legislature (introduced here) addresses legislation in the long term care and aging space. It follows upon descriptions of legislation in the pharmacy space (here) and hospital space (here). Like those areas, the long term care area was impacted by
Continue Reading Legislation Affecting Long Term Care & Aging
HIPAA and Privacy
NYS Department of Health Announces Workforce Retraining Funding Opportunity
The New York State Department of Health (DOH), in consultation with the Department of Labor (DOL), recently announced a Request for Applications for the Health Workforce Retraining Initiative (HWRI). This program was established pursuant to NYS Public Health Law §2807-g and is funded through the State’s Health Care Reform Act. The 2018-19 Enacted New York State Budget included $9 million…
Continue Reading NYS Department of Health Announces Workforce Retraining Funding Opportunity
Healthcare Business Owners—HIPAA Still Applies After Closing Down Your Business
Filefax, Inc. (“Filefax”), an Illinois company that intimately handled sensitive Personal Health Information (“PHI”), paid $100,000 to the Department of Health and Human Services (“HHS”) to settle potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”). The payment stemmed from, when still in business, Filefax allegedly improperly disclosing the PHI of approximately 2,150 people when not properly securing…
Continue Reading Healthcare Business Owners—HIPAA Still Applies After Closing Down Your Business
Angry Text Message Recipient Loses Court Challenge On Flu Shot Reminder
It’s flu season again. Your PCP at WPMG is thinking of you!
So began the health care provider’s text message that prompted this month’s Second Circuit decision applying the Telephone Consumer Protection Act to a flu shot reminder, Latner v. Mount Sinai Health System, Inc.
Plaintiff had gone to defendant West Park Medical Group (WPMG) in 2003 for a…
Continue Reading Angry Text Message Recipient Loses Court Challenge On Flu Shot Reminder
What are Your Thoughts on the Draft Trusted Exchange Framework?
On January 5, 2018, the United States Department of Health and Human Services released for public comment a draft Trusted Exchange Framework, which seeks to accomplish interoperability with respect to patients’ Electronic Health Information (“EHI”) through the creation of Health Information Networks (“HINs”). The 21st Century Cures Act, which Congress enacted in 2016, has the goal of creating…
Continue Reading What are Your Thoughts on the Draft Trusted Exchange Framework?
Public Health Emergencies and Mother Nature
In the wake of some of the worst storms our country has ever faced, as seen in the devastation caused by Hurricane Harvey in Texas, Hurricane Irma in Florida, and now Hurricane Maria in Puerto Rico and the U.S. Virgin Islands, it is important to understand some of the actions the United States federal government can take to assist victims…
Continue Reading Public Health Emergencies and Mother Nature
New York’s New Cybersecurity Regulations and its Impact on your Sensitive Health Information
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity regulations apply to all individuals and entities that “operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services…
Continue Reading New York’s New Cybersecurity Regulations and its Impact on your Sensitive Health Information
OCR’s First Settlement with a Business Associate for HIPAA Violations
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) is the first business associate to be held directly liable for violations under the HIPAA rules. CHCS provided management and information technology services to six nursing homes. According to the OCR Resolution Agreement, OCR received separate notifications from each of the six nursing homes regarding a breach of unsecured…
Continue Reading OCR’s First Settlement with a Business Associate for HIPAA Violations
Consequences for Failure to Have a Required Business Associate Agreement
The Department of Health and Human Services, Office for Civil Rights (“OCR”), enforces the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This includes the requirement that Covered Entities (health care providers and health plans) have Business Associate Agreements with their “Business Associates.”
“Business Associates” are persons or entities who “create, receive, maintain or transmit Protected Health Information (“PHI”)…
Continue Reading Consequences for Failure to Have a Required Business Associate Agreement
Who is a “Qualified Person” for Purposes of Access to a Patient’s Medical Records
In our previous post [found here], we explained that, under the Privacy Rule, HIPAA covered entities (health care providers and health plans) must provide individuals and their “personal representatives” with access to the individual’s protected health information. An individual’s personal representative is determined under State law. In this post, we will define who is a “personal representative”…
Continue Reading Who is a “Qualified Person” for Purposes of Access to a Patient’s Medical Records