The latest installation in our series on legislation recently passed by the New York State Legislature (introduced here) addresses legislation in the long term care and aging space.  It follows upon descriptions of legislation in the pharmacy space (here) and hospital space (here).  Like those areas, the long term care area was impacted by
Continue Reading Legislation Affecting Long Term Care & Aging

The New York State Department of Health (DOH), in consultation with the Department of Labor (DOL), recently announced a Request for Applications for the Health Workforce Retraining Initiative (HWRI).  This program was established pursuant to NYS Public Health Law §2807-g and is funded through the State’s Health Care Reform Act.  The 2018-19 Enacted New York State Budget included $9 million

Continue Reading NYS Department of Health Announces Workforce Retraining Funding Opportunity

Filefax, Inc. (“Filefax”), an Illinois company that intimately handled sensitive Personal Health Information (“PHI”), paid $100,000 to the Department of Health and Human Services (“HHS”) to settle potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”). The payment stemmed from, when still in business, Filefax allegedly improperly disclosing the PHI of approximately 2,150 people when not properly securing
Continue Reading Healthcare Business Owners—HIPAA Still Applies After Closing Down Your Business

It’s flu season again. Your PCP at WPMG is thinking of you!

So began the health care provider’s text message that prompted this month’s Second Circuit decision applying the Telephone Consumer Protection Act to a flu shot reminder, Latner v. Mount Sinai Health System, Inc.

Plaintiff had gone to defendant West Park Medical Group (WPMG) in 2003 for a
Continue Reading Angry Text Message Recipient Loses Court Challenge On Flu Shot Reminder

On January 5, 2018, the United States Department of Health and Human Services released for public comment a draft Trusted Exchange Framework, which seeks to accomplish interoperability with respect to patients’ Electronic Health Information (“EHI”) through the creation of Health Information Networks (“HINs”). The 21st Century Cures Act, which Congress enacted in 2016, has the goal of creating
Continue Reading What are Your Thoughts on the Draft Trusted Exchange Framework?

In the wake of some of the worst storms our country has ever faced, as seen in the devastation caused by Hurricane Harvey in Texas, Hurricane Irma in Florida, and now Hurricane Maria in Puerto Rico and the U.S. Virgin Islands, it is important to understand some of the actions the United States federal government can take to assist victims
Continue Reading Public Health Emergencies and Mother Nature

Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity regulations apply to all individuals and entities that “operate under a license, registration, charter, certificate, permit, accreditation or similar authorization under the Banking Law, the Insurance Law or the Financial Services
Continue Reading New York’s New Cybersecurity Regulations and its Impact on your Sensitive Health Information

Picture1Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) is the first business associate to be held directly liable for violations under the HIPAA rules. CHCS provided management and information technology services to six nursing homes. According to the OCR Resolution Agreement, OCR received separate notifications from each of the six nursing homes regarding a breach of unsecured
Continue Reading OCR’s First Settlement with a Business Associate for HIPAA Violations

The Department of Health and Human Services, Office for Civil Rights (“OCR”), enforces the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This includes the requirement that Covered Entities (health care providers and health plans) have Business Associate Agreements with their “Business Associates.”

“Business Associates” are persons or entities who “create, receive, maintain or transmit Protected Health Information (“PHI”)
Continue Reading Consequences for Failure to Have a Required Business Associate Agreement

imagesPA8ET6EQIn our previous post [found here], we explained that, under the Privacy Rule, HIPAA covered entities (health care providers and health plans) must provide individuals and their “personal representatives” with access to the individual’s protected health information. An individual’s personal representative is determined under State law. In this post, we will define who is a “personal representative”
Continue Reading Who is a “Qualified Person” for Purposes of Access to a Patient’s Medical Records