EEOC CHALLENGES WELLNESS PROGRAM UNDER ADA

August 21, 2014

The U.S. Equal Employment Opportunity Commission (EEOC) has charged in a lawsuit that Manitowoc, Wisconsin-based Orion Energy Systems violated federal law by requiring an employee to submit to medical exams and inquiries that were not job-related and consistent with business necessity as part of a wellness program, which was not voluntary, and then by firing the employee when she objected to the program. Read the rest of this entry »


HOSPITAL TO PAY $150,000 TO SETTLE DATA BREACH ALLEGATIONS

August 7, 2014

Women & Infants Hospital of Rhode Island (WIH) has agreed to pay $150,000 to resolve allegations that it failed to protect the personal information and protected health information of more than 12,000 patients in Massachusetts, Attorney General (AG) Martha Coakley has announced.  Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, state attorneys general can bring suits to enforce the privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA). Read the rest of this entry »


$800,000 HIPAA SETTLEMENT IN MEDICAL RECORDS DUMPING CASE

July 25, 2014

Parkview Health System, Inc. has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule with the U.S. Department of Health and Human Services Office for Civil Rights (OCR).  Parkview will pay $800,000 and adopt a corrective action plan to address deficiencies in its HIPAA compliance program.  Parkview is a nonprofit health care system that provides community-based health care services to individuals in northeast Indiana and northwest Ohio. Read the rest of this entry »


EXCHANGE AND INSURANCE MARKET STANDARDS FOR 2015 AND BEYOND

May 30, 2014

The Department of Health and Human Services (HHS),has released a final rule for Exchange and Insurance Market Standards for 2015 and beyond.  This final rule addresses various requirements applicable to health insurers, Exchanges, Navigators, non-Navigator assistance personnel, and other entities under the Patient Protection and Affordable Care Act (ACA).  Specifically, the rule establishes standards related to product discontinuation and renewal, quality reporting, non-discrimination standards, minimum certification standards and responsibilities of qualified health plan (QHP) insurers, the Small Business Health Options Program (SHOP), and enforcement remedies in Federally-facilitated Exchanges. Read the rest of this entry »


DATA BREACH RESULTS IN $4.8 MILLION HIPAA SETTLEMENTS

May 14, 2014

Two health care organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information (ePHI) held on their network.  The monetary payments of $4,800,000 include the largest HIPAA settlement to date. Read the rest of this entry »


SELF-FUNDED PLANS NEED TO GET NEW UNIQUE STANDARD IDENTIFIERS

May 3, 2014
As of November 7, 2016, health plans and all other entities that engage in HIPAA (Health Insurance Portability and Accountability Act) electronic “standard transactions” must have and use a unique standard identifier?  The definition of health plans for this purpose includes third party administrators (TPAs) and self-funded group health plans. Larger plans need to obtain this number from the Centers for Medicare & Medicaid Services (CMS) by November 5, 2014.  Smaller plans, which are defined as those with claims paid of $5 million or less, will have a one-year delay to November 5, 2015.  There is no charge to obtain this identifier.  Plans need to access the CMS Enterprise Portal to obtain an identifier. Read the rest of this entry »

STOLEN LAPTOPS LEAD TO IMPORTANT HIPAA SETTLEMENTS

May 2, 2014

Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.  These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices.  Read the rest of this entry »