Tom comes to FSB with over 10 years of experience in handling business organization and commercial transactions. Tom received his undergraduate degree from Virginia Tech in 1993 and his J.D. from the University of Pittsburgh in 1997.
FSB Welcomes Tom Clark
Sunday, 22 May 2011Tom comes to FSB with over 10 years of experience in handling business organization and commercial transactions. Tom received his undergraduate degree from Virginia Tech in 1993 and his J.D. from the University of Pittsburgh in 1997.
HITECH Final Regulations Update: Coming Soon!
Thursday, 12 May 2011
Susan McAndrew, deputy director for health information privacy at the Office for Civil Rights (OCR) indicated this week that various final regulations modifying the HIPAA privacy and security rules required by the Health Information Technology for Economic and Clinical Health Act (HITECH) will be issued soon. Health lawyers have been waiting on these regulations to better understand the full impact of the HITECH changes to HIPAA, including whether the "harm standard" will remain a part of the Interim Final Rule on breach notification.
According to a Health Information Security News article, McAndrew made this announcement this week while speaking at the 2011 NIST HIPAA Conference, Safeguarding Health Information: Building Assurance through HIPAA Security, held in Washington.
The article also indicated that a separate NPRM will be issued announcing the approach OCR plans to take regarding the accounting for disclosure modifications under the HITECH Act. The HITECH Act modified the traditional rule regarding those types of uses and disclosures that must be accounted for by health care providers and covered entities. Under the traditional rule -- health care providers did not have to provide an accounting of disclosure for uses and disclosures for treatment, payment, and health care operations. However, the modification by the HITECH Act now requires health care providers who utilize an electronic health record system (EHR)to provide, upon request, an accounting of disclosure of all uses and disclosures including those for treatment, payment, and health care operations which occurred within the last three year period. Of further interest will be how the NPRM suggests how business associates who obtain PHI from health care providers must also track and maintain a list of uses and disclosures for accounting of disclosure requests.
According to a Health Information Security News article, McAndrew made this announcement this week while speaking at the 2011 NIST HIPAA Conference, Safeguarding Health Information: Building Assurance through HIPAA Security, held in Washington.
The article also indicated that a separate NPRM will be issued announcing the approach OCR plans to take regarding the accounting for disclosure modifications under the HITECH Act. The HITECH Act modified the traditional rule regarding those types of uses and disclosures that must be accounted for by health care providers and covered entities. Under the traditional rule -- health care providers did not have to provide an accounting of disclosure for uses and disclosures for treatment, payment, and health care operations. However, the modification by the HITECH Act now requires health care providers who utilize an electronic health record system (EHR)to provide, upon request, an accounting of disclosure of all uses and disclosures including those for treatment, payment, and health care operations which occurred within the last three year period. Of further interest will be how the NPRM suggests how business associates who obtain PHI from health care providers must also track and maintain a list of uses and disclosures for accounting of disclosure requests.
WVCLE: Health Care Law 2011 Seminar
Tuesday, 10 May 2011
The West Virginia Continuing Legal Education Section of WVU College of Law will be sponsoring Health Care Law 2011 Seminar on May 20, 2011, in Charleston, West Virginia at WVU Medical Center - CAMC.
The Health Care Law 2011 Seminar will cover a variety of topics of interest to West Virginia health care attorneys. Topics include: Medical Mapractice Update, Protecting Medicare's Interest Under Section 111 and Mandatory Reporting Requirments, Risk Management Topics for Hospitals, Development and Update on ACOs, HIPAA/HITECH Update and Anatomy of a Health Care Data Breach, Stark and Fraud Abuse Update, and Lawyers and Law Firms as Business Associates.
I will be speaking on the changes to HIPAA under HITECH. The title for my presentation is "Anatomy of a Breach: Practical Tools to Handle a Breach and HIPAA/HITECH Updates."
Learn more about the seminar and how to register here.
The Health Care Law 2011 Seminar will cover a variety of topics of interest to West Virginia health care attorneys. Topics include: Medical Mapractice Update, Protecting Medicare's Interest Under Section 111 and Mandatory Reporting Requirments, Risk Management Topics for Hospitals, Development and Update on ACOs, HIPAA/HITECH Update and Anatomy of a Health Care Data Breach, Stark and Fraud Abuse Update, and Lawyers and Law Firms as Business Associates.
I will be speaking on the changes to HIPAA under HITECH. The title for my presentation is "Anatomy of a Breach: Practical Tools to Handle a Breach and HIPAA/HITECH Updates."
Learn more about the seminar and how to register here.
Leaves of 3 Let Them Be: Poison Ivy Advice from Dr. Coffield
Sunday, 10 April 2011
Last week I was looking through some old printed emails and I ran across advice about poison ivy from my dad, LeMoyne Coffield. Since Spring is on the way and the poison ivy is starting to grow I thought I would share this with everyone (including some good advice for the golfers).
My dad was not only my dad but he was my (our) family doctor. He was a lot of peoples family doctor. He had a wonderful way of providing advice and recommendations to his patients. His medical advice wasn't always the easiest and quickest solution - but it was usually the best long term practical advice.
I wrote him an email back in the Spring of 2000. I had been cleaning up an area behind our house and had gotten a bad case of poison ivy on my arms, neck, and face. I started the email by saying, "Thought I would let you know that spring has arrived -- I got my first bout of poison ivy. Some lessons you taught me as a child (and adult) have never gotten through." As children he was always pointing out poison ivy, showing us what it looked like, and hoping that we would learn how to spot it from a distance. My email went on to say that I had gone to see my primary care doctor and he had prescribed an oral steroid (prednisone) and I said, "What do you think?" Like I often did - I was emailing him for his second opinion. Below is his advice back to me. Good advice for anyone who is starting their spring yard cleaning.
By the way - if you don't know what poison ivy looks like look at this and remember, "Leaves of 3 let them be."
My dad was not only my dad but he was my (our) family doctor. He was a lot of peoples family doctor. He had a wonderful way of providing advice and recommendations to his patients. His medical advice wasn't always the easiest and quickest solution - but it was usually the best long term practical advice.
I wrote him an email back in the Spring of 2000. I had been cleaning up an area behind our house and had gotten a bad case of poison ivy on my arms, neck, and face. I started the email by saying, "Thought I would let you know that spring has arrived -- I got my first bout of poison ivy. Some lessons you taught me as a child (and adult) have never gotten through." As children he was always pointing out poison ivy, showing us what it looked like, and hoping that we would learn how to spot it from a distance. My email went on to say that I had gone to see my primary care doctor and he had prescribed an oral steroid (prednisone) and I said, "What do you think?" Like I often did - I was emailing him for his second opinion. Below is his advice back to me. Good advice for anyone who is starting their spring yard cleaning.
By the way - if you don't know what poison ivy looks like look at this and remember, "Leaves of 3 let them be."
OCR Seeks FY2012 Budget Increase of $5.6M for HIPAA Compliance and Enforcement
Thursday, 17 March 2011
HealthLeaders reports that the Office of Civil Rights (OCR) is seeking an additional $5.6 million in its Fiscal Year 2012 budget proposal to fund its HIPAA compliance and enforcement activities.
The article also details the most current reported numbers on breaches reported to OCR. As of March 16 there have been 249 entities that have reported breaches affecting 500 or more individuals. To view the current data and details on reported breaches go to the OCR Breaches Affecting 500 or More Individuals.
The article also details the most current reported numbers on breaches reported to OCR. As of March 16 there have been 249 entities that have reported breaches affecting 500 or more individuals. To view the current data and details on reported breaches go to the OCR Breaches Affecting 500 or More Individuals.
OCR Imposes $4.3M Penalty for Violation of HIPAA/HITECH Privacy Rule
Tuesday, 22 February 2011
UNTIL TODAY, many health care providers questioned whether HHS and the Office of Civil Rights (OCR) would ever issue any significant penalties for violations of the HIPAA Privacy Rule. However, will OCR ever be able to collect the penalties.
Today, HHS Office of Civil Rights (OCR) announced a civil money penalty (CMP) of $4.3 million against Cignet Health of Prince George's County, MD for violating the HIPAA Privacy Rule. This is the first ever civil money penalty issued by OCR for a violation of the HIPAA Privacy Rule. It is significant not only because it is the first - but also because of the size of the penalty and the basis for the violation.
OCR issued a Notice of Final Determination on February 4, 2011, outlining the procedure for payment of the $4.3 million civil money penalty. The Notice of Final Determination also indicates that Cignet failed to request a hearing on the matter or reach settlement with OCR. Prior to the issuance of the final notice, OCR had issued a Notice of Proposed Determination on October 20, 2010, which details the basis for the penalty, details the findings of fact, grounds for violation of HIPAA, and calculation of the penalty amount.
The Notice of Proposed Determination indicates that Cignet violated HIPAA by failing to provide individuals access to their health information under 45 CFR 164.524 and failed to cooperate with an investigation under 45 CFR 160.310(b). The Notice states:
Read the HHS Press Release and OCR Press Release. More details via the OCR's Resolution Agreement page. For more background on Cignet Health check out David Harlow's post at HealthBlawg, HIPAA CMP's: What's the point?
Today, HHS Office of Civil Rights (OCR) announced a civil money penalty (CMP) of $4.3 million against Cignet Health of Prince George's County, MD for violating the HIPAA Privacy Rule. This is the first ever civil money penalty issued by OCR for a violation of the HIPAA Privacy Rule. It is significant not only because it is the first - but also because of the size of the penalty and the basis for the violation.
OCR issued a Notice of Final Determination on February 4, 2011, outlining the procedure for payment of the $4.3 million civil money penalty. The Notice of Final Determination also indicates that Cignet failed to request a hearing on the matter or reach settlement with OCR. Prior to the issuance of the final notice, OCR had issued a Notice of Proposed Determination on October 20, 2010, which details the basis for the penalty, details the findings of fact, grounds for violation of HIPAA, and calculation of the penalty amount.
The Notice of Proposed Determination indicates that Cignet violated HIPAA by failing to provide individuals access to their health information under 45 CFR 164.524 and failed to cooperate with an investigation under 45 CFR 160.310(b). The Notice states:
1. Failure to Provide Access (45 C.F.R. § 164.524). Cignet failed to provide 41 individuals listed in Attachment A timely access to obtain a copy of the protected health information about them in the designated record sets (medical records) maintained by Cignet. These failures constitute violations of 45 C.F.R. § 164.524. Cignet's failure to provide each individual with access constitutes a separate violation of 45 C.F.R. § 164.524, and each day that the violation continued (that is, from the date specified in column 5 of Attachment A until April 7,2010) counts as a separate violation of 45 C.F.R. § 164.524.The press release issued by HHS points out that the HIPAA Privacy Rule requires that health care providers must provide a patient with access and/or copy of their health information within 30 days (and no later than 60) days after the patient requests such information. Further, the press release indicates that covered entities and business associates must uphold their responsibility to provide patients with access to their own health information.
2. Failure to Cooperate with an Investigation (45 C.F.R. § I60.310(b)). Cignet failed to cooperate with OCR's investigation of 27 complaints regarding Cignet's noncompliance described in paragraph 1 above. These failures to cooperate with an investigation constitute violations of 45 C.F.R. § 160.310(b). Cignet's failure to cooperate with OCR's investigation of each complaint constitutes a separate violation of 45 C.F.R. § 160.310(b), and each day that the violation continued (that is, from the date specified in column 7 of Attachment A until April 7, 2010) counts as a separate violation of 45 C.F.R. § 160.310(b). Each violation of 45 C.F.R. § 160.310(b) was due to Cignet's willful neglect of its obligation to comply with 45 C.F.R. § 160.310(b). Willful neglect means the conscious, intentional failure or reckless indifference to the obligation to comply with the administrative simplification provision violated. See 45 C.F.R. § 160.401.
Read the HHS Press Release and OCR Press Release. More details via the OCR's Resolution Agreement page. For more background on Cignet Health check out David Harlow's post at HealthBlawg, HIPAA CMP's: What's the point?
WVDHHR Transfers OHFLAC Staff and Operations to OIG
Monday, 31 January 2011
According to the West Virginia Department of Health and Human Resources (DHHR), the West Virginia Office of Health Facility Licensure and Certification (OHFLAC) will be transferred to the West Virginia Office of Inspector General (OIG) effective February 1, 2010. OHFLAC oversees the state and federal licensure and certification process in West Virginia for hospitals, critical access hospitals, behavioral health facilities, home health agencies, hospice agencies, ESRD services, and other health care services.
All personnel and positions currently assigned to OHFLAC will be administratively transferred. DHHR has states that this action is to further enhance the integrity of the regulatory unit of the Department of Health and Human Resources.
All personnel and positions currently assigned to OHFLAC will be administratively transferred. DHHR has states that this action is to further enhance the integrity of the regulatory unit of the Department of Health and Human Resources.
Subscribe to:
Posts (Atom)