Tag Archives: HITECH

Is CMS Prepared for Evolving Medical Records Technology?

Health care fraud accounts for billions of the US health expenditure each year. This week HHS published a study addressing possible deficiencies in CMS’ capability to address fraud vulnerabilities and ensure the integrity of electronic health records (“EHR”) systems which CMS and its contractors use to pay Medicare claims. Concerns about whether CMS’ oversight and … Continue Reading

CMS and OIG Ring in the New Year with Final Rules on EHR Donations

On December 27, 2013, the Centers for Medicare and Medicaid Services (“CMS”) and the Office of Inspector General of the Department of Health and Human Services (“OIG”) published final rules (“Final Rules”) regarding the electronic health records (“EHR”) donations Stark Law Exception (42 C.F.R. 411.357(w)) and Anti-Kickback Statute Safe Harbor (“AKS Safe Harbor”) (42 C.F.R. … Continue Reading

Data Security: Pay IT Now or Pay Out Later

The price of compliance may be high, but the price of non-compliance is even higher. Based on its recent $3 million data breach settlement, AvMed, and many other entities that have experienced data breach litigation, would likely agree that paying for security upgrades now, is far superior to paying for data breaches later. In 2009, … Continue Reading

HHS Guidance for De-Identification of PHI Under the HITECH Act

As required by the HITECH Act, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has issued guidance on two methods for de-identifying protected health information (PHI) under the Health Insurance portability and Accountability Act of 1996 (HIPAA) privacy rule.[1]  “This guidance is intended to assist covered entities to understand … Continue Reading

HHS Imposes First Civil Monetary Penalty for HIPAA Privacy Rule Violation

The U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, MD (“Cignet”), violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  HHS imposed a civil money penalty (“CMP”) of $4.3 million … Continue Reading