Category Archives: Electronic Health Record

Recent Appellate Court Case Emphasizes The Public’s Right to Records Under Public Records Act

IndestBy: George F. Indest III, J.D., M.P.A., LL.M., Board Certified by the Florida Bar in Health Law

The following is a summary of a recent appellate case on an issue that may be relevant to those pursuing administrative hearings in health law cases or related cases:

Promenade D’Iberville v Sundy, 145 So. 3d. 980 (Fla. 1st DCA 2014)

After receiving a public records request from Promenade D’Iberville, LLC (Promenade), with whom the Jacksonville Electric Authority (JEA) was in active litigation in Mississippi, the JEA filed a motion for protective order in the Mississippi court to circumvent the request. The JEA eventually turned over the requested records, but only after two months had passed and Promenade was forced to file an action for the public records.

The appellate court framed the issue as whether the JEA had violated the public records law by withholding requested non-exempt public records. The court noted that, as a general rule, governmental entities in Florida are broadly responsible to make public records available to all who request them. The JEA did not argue that any statutory exemption excused its obligation to make the requested documents available. Rather, the JEA delayed making the records available pending a ruling on its Mississippi motion, even though the pending litigation was not grounds for a public records exemption. Thus, the appellate court concluded, the JEA violated the public records law by delaying Promenade’s access to non-exempt public records for legally insufficient reasons.

Moreover, the appellate court concluded that JEA’s delayed production of records did not “cure” its unjustified delay. Only justified delay is permissible, such as to determine whether such records exist or due to a relief that some or all of the requested records are exempt from disclosure. Unjustified delay violates Florida public records law. Where there is unjustified delay to the point of forcing a requester to file a law suit that, alone, is “tantamount to an unlawful refusal to provide public records in violation of the Act.”
The case summary above was originally published in the Administrative Law Section Newsletter, Vol, 34, No. 2 (Dec 2014), a publication of the Administrative Law Section of the Florida Bar.


Blog Editor’s Comments:

Florida has a very broad Public Records Act, codified in Chapter 119, Florida Statutes. It entitles Florida residents to obtain copies of most records kept by state agencies (with certain exceptions, of course).

If a state agency denies a person’s request improperly, that person may sue the agency. If successful, the person is awarded attorney’s fees and costs incurred in bringing the litigation.


Comments?

Do you think that governmental entities in Florida are responsible to make public records available to all who request them? Do you agree/disagree that Unjustified delay violates Florida public records law? Do you think a person should be able to sue state agency if their request is denied improperly? Please leave any thoughtful comments below.


Contact Experienced Health Law Attorneys.

The attorneys of The Health Law Firm provide legal representation to medical students, residents, interns and fellows in academic disputes, graduate medical education (GME) hearings, contract negotiations, license applications, board certification applications and hearings, credential hearings, and civil and administrative litigations.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at: www.TheHealthLawFirm.com.


About the Author:
George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.


KeyWords:
Appellate, appellate court case, public records, Public Records Act, administrative hearing, administrative law, Unjustified delay, health law, health care law, health care law attorney, health law attorney, health care lawyer, health law lawyer, Florida health law attorney, administrative law attorney, defense attorney, defense lawyer

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2015 The Health Law Firm. All rights reserved.

Don’t Ring in the New Year with a HIPAA Audit – Safeguard Yourself Now

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Here’s a scary reminder: There are people attempting to hack into electronic health systems every second of every day. Thankfully, most of these attempts are unsuccessful due to the preventive technologies in place to safeguard such information. However, electronic data will never be 100 percent secure.

Electronic health records promised was intended to be a tool for doctors to share patient data, reduce prescription drug errors, and allow patients convenient access to their records. However, since the transition to digital medical records, there have been concerns from patients about privacy, security and identity theft.

Recently, the Office for Civil Rights (OCR) announced that the agency will ramp up its Health Insurance Portability and Accountability Act (HIPAA) privacy and security audit program in 2015 for covered entities and business associates. These audits will focus on device encryptions, media controls, data transmission security protocols, and staff training on HIPAA policies and procedures.

Now is the time to ensure compliance.

Real World Privacy Breaches Happen All the Time.

On December 2, 2014, OCR and Anchorage Community Mental Health Services, Inc. (ACMHS), settled alleged violations of the HIPAA Security Rule. OCR started an investigation into ACMHS’s compliance with HIPAA after receiving a notification about a breach of unsecured electronic patient information affecting 2,743 individuals. The breach resulted from malware that compromised ACMHS’s information technology resources. According to the settlement, ACMHS must pay a $150,000 fine and enter into a resolution agreement and corrective action plan (CAP).

In November 2014, Beth Israel Deaconess Medical Center in Massachusetts agreed to a $100,000 settlement after a physician’s laptop was stolen from the hospital. The computer was not issued by the hospital and had not been encrypted in accordance with the hospital’s policies. However, the hospital was aware that the physician used the device. The laptop contained the health information and personal information, including Social Security numbers, of nearly 4,000 individuals. It’s alleged the hospital took three months to notify affected patients about the breach, which is a violation of HIPAA. (HIPAA requires such notifications to take place within 60 days.)

Tips to Protect Yourself and Your Business.

Again, the HIPAA audit program will be resuming after the first of the year. Accordingly, hundreds of covered entities and business associates will be receiving inquiries that could lead to an onsite audit. The audit requirements will be very difficult for organizations that have not planned in advance. Here are three easy-to-implement steps to prepare your practice.

1. Review the latest HIPAA policies and procedures. Make sure your office is meeting the latest privacy and security criteria. Identify gaps, update documents, and retrain staff on HIPAA policies and procedures. Don’t forget to document your educational efforts. Click here for a link to the latest policies and procedures.

2. Contact your business associates. Ask each of them to provide your practice with an updated Business Associate Agreement and list of all subcontractors they use. For business associates, the 2015 HIPAA audits will focus on risk analysis, risk management and updated policies and procedures for breach notification.

3. Have a risk assessment performed on your practice. To learn more about risk assessments, click here for a previous blog.

Also, a violation of the HIPAA privacy and security provisions does carry civil and criminal penalties. Anyone who is a health care professional or facility, should be aware of these legal provisions. Click here to read my previous blog.

HIPAA is Not One Size Fits All.

Protecting patient data is not a one-size-fits-all method, meaning that security measures and access to electronic records should not necessarily be uniform. There needs to be processes and check points in place at practices to ensure that the electronic health record system and its many users consistently meet HIPAA policies and procedures. Health care practices must be vigilant that when they integrate other medical practices and facilities into their organization that they extend these measures to incorporate new employees, new sites and locations, and various technologies.

As demonstrated throughout this blog, the risks of non-compliance simply outweigh the costs of sound preparation. If you’d like more information, contact a health law attorney experienced in these matters.

Comments?

Are you worried about the next round of HIPAA audits? Are you concerned about HIPAA violations? How are you ensuring compliance within your practice? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Van Terheyden, Nick and Faix, Rob. “Digital Health Records: Pain and Gain.” Orlando Sentinel. (December 12, 2014). From: The Orlando Sentinel News Section on page A20.

“Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case.” iHealthBeat. (November 25, 2014). From: http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case?view=print

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Scribes Offer Physicians Some Relief from EHR Frustrations

10 Indest-2008-7By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In November 2013, a physician satisfaction study, sponsored by the American Medical Society (AMA), was published. In the study, physicians stated one of the most hated items in the medical industry is the electronic health record (EHR). According to physicians, EHRs are time-consuming, they hinder the physician-patient relationship by dividing the physician’s attention, they require health care professionals to perform tasks below their level of training, and EHRs can decrease efficiency in the practice.

Now there is a trend in the medical industry that allows physicians and health care practitioners to complete all their EHR documentation without ever having to touch a computer. According to an article in The New York Times, many medical practices and emergency rooms are hiring medical scribes to ease physicians’ note-taking responsibilities.

What is a Scribe?

A medical scribe is an unlicensed, trained medical information manager specializing in charting physician-patient encounters during the medical exams. A scribe enters information into the EHR at the direction of the physician or health care practitioner. Scribes can also support workflow and documentation for medical record coding.

Duties of a scribe vary by the practice. Some common duties include:

– Documenting procedures performed by the physician;
– Reviewing patient evaluation data for comparison and transcribing the results;
– Recording physician-dictated diagnoses, prescriptions and instructions for discharge; and
– Recording a provider’s consultations with other health care professionals.


Benefits of a Scribe.

According to an article in The New York Times, there are an estimated 10,000 scribes currently working in hospitals and medical practices around the country. In the same article physicians using scribes stated that they are more satisfied with their choice of career because the scribe allows the physician to concentrate on treating patients. Physicians also stated that by using scribes they can see up to four extra patients a day. Other benefits include, a reduced amount of clerical work for doctors, and better record keeping.

To read the entire article from The New York Times, click here.

Requirements of a Medical Scribe.

The growing medical scribe industry has yet to come together on a unified training and certification process. While the practitioner is ultimately responsible for the record, scribes should be trained to have a basic understanding of the EHR documentation guidelines, according to a Medical Economics article. Furthermore, there are specific signature requirements to be used when scribes are utilized, according to Medical Economics.

Some signature requirements for scribes include:

– Signing and dating all entries into the medical record. The role and signature of the scribe must be clearly distinguishable from that of the physician or licensed practitioner.
– The physician or licensed practitioner must authenticate the entry by signing, dating, and recording the time. A physician signature stamp is not permitted for use in the authentication of scribed entries.
– The authentication must take place before the physician and scribe leave the patient care area.
– If the organization determines that the scribe will be allowed to enter orders into the medical record, those orders entered into the medical record cannot be acted on until authenticated by the physician.
– The medical practice should implement a performance improvement process to ensure that the scribe is not acting outside of his or her job description, authentication is occurring as required, and that no orders are being acted on before they are authenticated.

When adding scribes to your practice, it is important to consult the guidelines laid out by state boards and other regulatory authorities in order to develop compliant scribe policies. Knowing your state’s requirements is key to reducing legal dangers and defending potential claims.

To learn more on medical scribes, click here to read the Medical Economics article.

Medical Assistants vs. Scribes.

In most states, medical assistants are allowed to perform more patient care activities than a scribe is. For example, see the list contained in Florida Law, Section 458.3485, Florida Statutes. On the other hand scribes are, in effect, merely medical transcriptionists. However, each job may prove to be a gateway to the other job. A well-trained medical assistant may make an excellent scribe and be of great assistance to the physician. An experienced medical scribe may make an excellent medical assistant, being familiar with medical terminology and patient care.

Contact Experienced Health Law Attorneys.

The Health Law Firm routinely represents physicians and medical groups on EHR issues. It also represents pharmacists, pharmacies, physicians, nurses and other health providers in investigations, regulatory matters, licensing issues, litigation, inspections and audits involving the DEA, Department of Health (DOH) and other law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think about the use of scribes in the medical practice? Do you or have you ever used a scribe? What are the benefits or pitfalls of using a scribe? Please leave any thoughtful comments below.

Sources:

Hafner, Katie. “A Busy Doctor’s Right Hand, Ever Ready to Type.” The New York Times. (January 12, 2014). From: http://www.nytimes.com/2014/01/14/health/a-busy-doctors-right-hand-ever-ready-to-type.html?_r=0

Lewis, Maxine. “Scribes Can Help Document Care, Boost Efficiency at Medical Practices.” Medical Economics. (October 20, 2013). From: http://medicaleconomics.modernmedicine.com/medical-economics/news/scribes-can-help-document-care-boost-efficiency-medical-practices

Conn, Joseph. “More Docs Get EHR Help.” Modern Healthcare. (August 24, 2013). From: http://www.modernhealthcare.com/article/20130824/MAGAZINE/308249958

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

CMS Delays Stage 3 Meaningful Use for Medicare and Medicaid EHR Incentive Programs

MLS Blog Label 2By Michael L. Smith, R.R.T., J.D., Board Certified by The Florida Bar in Health Law, and George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On December 6, 2013, the Centers for Medicare and Medicaid Services (CMS) announced a revised timeline for the implementation of Stage 3 meaningful use measures for the Medicare and Medicaid Electronic Health Record (EHR) Incentive Programs.

According to CMS, Stage 2 will be extended through 2016, and Stage 3 will begin in 2017 for those hospitals, physicians and other eligible providers that have completed at least two years of Stage 2 meaningful use. These changes affect two groups of eligible providers: providers who started Stage 1 in 2011, and who are currently scheduled to start Stage 3 in 2016, and those providers who started Stage 1 in 2012, and who are scheduled to start Stage 3 in 2016.

This announcement does not change when providers must start Stage 2, nor does it affect the requirement for hospitals and critical access hospitals to upgrade to EHR technology to receive incentive payments. The Medicare and Medicaid EHR incentive programs are staged in three steps with increasing requirements for participation. Eligible providers who do not meet meaningful use requirements will still be penalized with reduced Medicare reimbursement starting January 1, 2015.

To read more from CMS, click here.

Reasons for the Timeline Change.

According to Modern Healthcare, CMS stated that the goal of the timeline change is two-fold. First, to allow CMS and the Office of National Coordinator (ONC) to focus on assisting providers to meet Stage 2 demands for patient engagement, interoperability and information exchange, as well as use data collected during the phase to inform policy decisions for Stage 3.

CMS expects that it will release a notice of proposed rulemaking for Stage 3 in the fall of 2014, and the corresponding ONC notice for proposed rulemaking for the 2017 Edition of the ONC Standards and Certification Criteria will also be released at that time. Click here to read the entire article from Modern Healthcare.

What this Means for You.

If you begin participation with your first year of Stage 1 for the Medicare EHR Incentive Program in 2014:

– You must begin your 90 days of Stage 1 of meaningful use no later than July 1, 2014 and submit attestation by October 1, 2014 in order to avoid the 2015 payment adjustment.

If you have completed one year of Stage 1 of meaningful use:

– You will demonstrate a second year of Stage 1 of meaningful use in 2014 for a three-month reporting period fixed to the quarter for Medicare or any 90 days for Medicaid.
– You will demonstrate Stage 2 of meaningful use for two years (2015 and 2016).
– You will begin Stage 3 of meaningful use in 2017.

If you have completed two or more years of Stage 1 of meaningful use:

– You will still demonstrate Stage 2 of meaningful use in 2014 for a three-month reporting period fixed to the quarter for Medicare or any 90 days for Medicaid.
– You will demonstrate Stage 2 of meaningful use for three years (2014, 2015 and 2016).
– You will begin Stage 3 of meaningful use in 2017.

Contact Experienced Health Law Attorneys.

The Health Law Firm routinely represents physicians and medical groups on EHR issues. It also represents pharmacists, pharmacies, physicians, nurses and other health providers in investigations, regulatory matters, licensing issues, litigation, inspections and audits involving the DEA, Department of Health (DOH) and other law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

What do you think of the revised timeline for the implementation of Stage 3 meaningful use? Will this affect you? If so, how? Please leave any thoughtful comments below.

Sources:

Conn, Joseph. “Meaningful-Use Deadline Pushed Back One Year.” Modern Healthcare. (December 6, 2013). From: http://bit.ly/1kkAtsC

Tagalicod, Robert and Reider, Jacob. “Progress on Adoption of Electronic Health Records.” Centers for Medicare and Medicaid Services. (December 13, 2013). From: http://www.cms.gov/eHealth/ListServ_Stage3Implementation.html

About the Authors: Michael L. Smith, R.R.T., J.D., is Board Certified by The Florida Bar in Health Law. He is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Copying and Pasting Clinical Notes in Electronic Health Records Could Be Considered Healthcare Fraud

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Department of Health and Human Services (HHS) Office of Inspector General (OIG) is concerned about healthcare providers carelessly copying and pasting clinical notes in electronic health records (EHRs). According to an audit report released on December 10, 2013, copying and pasting in EHRs can lead to fraudulently duplicated clinical notes, which can be considered healthcare fraud. This practice is allegedly widespread across medicine, according to a Modern Healthcare article. Federal officials say there is a need to crackdown on this behavior.

Click here to read the entire audit report from the HHS OIG.

This is the first of two reports on fraud and vulnerabilities in EHR systems. The second report from the OIG will be on weaknesses in how the Centers for Medicare and Medicaid Services’ (CMS) payment contractors monitor for fraud in EHRs. This report is scheduled to be published soon.

Report Looks at Hospital Policies Regarding Copy-and-Paste Features.

The audit report studied 864 hospitals that had received subsidies for EHR systems as of March 2012. Out of those hospitals, only twenty-four percent (24%) had any policy regarding the improper use of copying-and-pasting in EHRs. The report concluded that too few hospitals actually have policies defining the proper use of copy and paste in EHRs.

According to Modern Healthcare, adoption of EHR systems has coincided with a rapid rise in higher-cost Medicare claims. This has led to officials looking into whether EHRs are enabling illegal upcoding. Officials say that EHR features such as copy and paste make it too easy to bill for work that wasn’t actually performed and help increase reimbursements, according to Modern Healthcare. Click here to read the entire article from Modern Healthcare.

In the report the HHS OIG recommends that the CMS strengthen its efforts to develop a comprehensive plan to address fraud vulnerabilities in EHRs. It was also suggested that CMS develop guidance on the use of the copy-paste feature in EHR technology.

Tips to Help Avoid Copy-and-Paste Errors.

Tools commonly available in EHRs that allow physicians to copy and paste patient information should be used with extreme care, according to an article on American Medical News. The article offers health care providers some guidelines to help avoid errors related to copying and pasting.

– Avoid copying and pasting of text from another person’s notes.

– Avoid repetitive copying and pasting of laboratory results and radiology reports.

– Note important results with proper context, and document any resulting actions. Avoid wholesale inclusion of information readily available elsewhere in the EHR because that creates clutter and may adversely affect note readability.

– Review and update as appropriate any shared information found elsewhere in the electronic record (e.g., problems, allergies, medications) that is included in a note.

– Include previous history critical to longitudinal care in the outpatient setting, as long as it is always reviewed and updated. Copying and pasting other elements of the history, physical examination or formulations is risky, as errors in editing may jeopardize the credibility of the entire note.

Click here to read the entire article from American Medical News.

What This Means for Healthcare Providers Using EHRs.

The practice of copying and pasting previous information without checking can be considered careless and potentially dangerous to patients. It can be problematic when there are multiple teams taking care of one patient and using the chart to communicate. The right way is to make sure everything in the note you sign accurately reflects what happened on your shift.

In the report the HHS OIG stated that copy-and-paste features in EHRs will be under additional scrutiny. By knowing where the enforcement focus will be, providers can attempt to avoid copy-and-paste practices that are likely to lead to audits. Additionally, providers can beef up compliance efforts and policies.

Contact Health Law Attorneys Experienced in Handling Medicare and Medicaid Audits, Investigations and other Legal Proceedings.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

Don’t wait until it’s too late. If you are concerned of any possible violations and would like a consultation, contact a qualified health attorney familiar with medical billing and audits today. To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 and visit our website at http://www.TheHealthLawFirm.com.

Comments?

In your practice do you use an EHR system? Have you had any issues with copying and pasting clinical notes? Does your practice have a copy-and-paste policy? Please leave any thoughtful comments below.|

Sources:

Carlson, Joe. “Fed Eye Crackdown on Cut-and-Paste EHR Fraud.” Modern Healthcare. (December 10, 2013). From: http://www.modernhealthcare.com/article/20131210/NEWS/312109965/cut-and-paste-function-can-invite-ehr-fraud-officials-say

O’Reilly, Kevin. “EHRs: ‘Sloppy and Paste’ Endures Despite Patient Safety Risk.” American Medical News. (February 4, 2013). From: http://www.amednews.com/article/20130204/profession/130209993/2/

Levinson, Daniel R. “Not All Recommended Fraud Safeguards Have Been Implemented in Hospital EHR Technology.” Department of Health and Humans Services Office of Inspector General. (December 2013). From: http://www.modernhealthcare.com/assets/pdf/CH92135129.PDF

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Affinity Health Plan Settles with Government in Photocopier HIPAA Breach Incident Involving Patient Medical Information

8 Indest-2008-5By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The U.S. Department of Health and Humans Services (HHS) Office of Civil Rights (OCR), and Affinity Health Plan, Inc. (Affinity), reached a settlement for more than $1.2 million for potential violations of the Health Insurance Portability and Accountability Act (HIPAA). The alleged violations related to a photocopier previously leased by Affinity. The photocopier had an internal hard drive which stored copies of documents, including medical records, which had been photocopied by Afinity. The photocopier was returned to the leasing company and then later purchased from that same company by CBS Evening News. Apparently CBS Evening News then discovered the medical records on the photocopier hard drive.

According to the HHS, Affinity filed a breach report with the HHS OCR on April 15, 2010. This is required under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

To read the entire press release from the HHS, click here.

Affinity is a not-for-profit managed care plan serving the New York metropolitan area.

Alleged Violations Stemmed from Failing to Clear Photocopier Hard Drive.

Affinity was allegedly informed by a representative of CBS Evening News, that as part of an investigation, CBS purchased a photocopier previously leased by Affinity. CBS allegedly informed Affinity that the photocopier still contained medical information on its hard drive. The OCR estimated that up to 344,579 individuals may have been affected by the breach. The OCR’s investigation found that Affinity impermissibly disclosed the protected health information of these individuals when it returned multiple photocopiers to leasing agents without deleting the data stored on the hard drives.

Affinity Must Try to Retrieve All Hard Drives in Previously Used Photocopiers.

According to HealthIT Security, on top of the $1,215,780 payment, Affinity must also try to recover all its previously used photocopiers that are still in the custody of the leasing company. Affinity must also conduct a risk analysis of its electronic protected health information for security risks and vulnerabilities.

Click here to read the article from HealthIT Security.

Warning to HIPAA Covered Entities Regarding Risk Assessments.

This settlement is an important reminder about equipment designed to retain electronic information. HIPAA covered entities are responsible for making sure all personal information is wiped from the hardware before it is recycled, thrown away or sent back to a leasing agent. Entities are also required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have safeguards in place to protect this information.

HIPAA laws have most likely changed since you last edited your privacy forms and procedures. Many health providers simply do not have the time to re-review their policies and revise documents. In a perfect practice, this would be done every six months.

To learn more on HIPAA risk assessments, click here.

Be Sensitive to Technical Equipment Containing Internal Memory.

In today’s technological society everyone must be continually vigilant about the machines and equipment used. Many different types of devices now contain internal memory chips and hard drives that may store data that is difficult to erase. These may include, for example, photocopiers, scanners and fax machines, in addition to computers and servers. Security videos and communications monitoring systems may also maintain such information. Backup tapes and modern cell phones are other possible examples. These should be professionally cleaned of all data or destroyed before discarding them.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What do you think of this settlement? Does your office and/or practice have an annual security risk assessment? Do you think risk analyses are important? Please leave any thoughtful comments below.

Sources:

Office of Civil Rights. “HHS Settles with Health Plan in Photocopier Breach Case.” U.S. Department of Health and Human Services. (August 14, 2013). From: http://www.hhs.gov/news/press/2013pres/08/20130814a.html

Ouellette, Patrick. “OCR, Affinity Health Plan Reach HIPAA Violation Agreement.” HealthIT Security. (August 14, 2013). From: http://healthitsecurity.com/2013/08/14/ocr-affinity-health-plan-reach-hipaa-violation-agreement

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law.  He is the President and Managing Partner of The Health Law Firm, which has a national practice.  Its main office is in the Orlando, Florida, area.  www.TheHealthLawFirm.com  The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone:  (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Internal Revenue Service Decides Electronic Health Record Incentive Payments are Taxable

6 Indest-2008-3By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Internal Revenue Service (IRS) has taken the position that electronic health record (EHR) incentive payments are taxable. Previously it was not specified how EHR incentive payments were to be treated or reported to the IRS. On January 14, 2013, the IRS issued guidance on this issue in a memorandum from the Office of Chief Counsel. This memorandum lists tax issues facing those who have received or who will receive EHR incentive payments. It also states the IRS’s position on those issues.

IRS Considered Three Different Issues and Gave its Stance on Each Issue.

In its memorandum, the Office of Chief Counsel considered the following three issues:

1. Whether recipients must include in gross income electronic health record
incentive payments paid by the Centers for Medicare and Medicaid Services
(CMS) pursuant to the American Recovery and Reinvestment Act (ARRA).

2. Whether CMS has a reporting requirement with regard to payments made under the EHR Incentive Program.

3. Whether the reporting requirement is altered if the payment is assigned to a third party.

The Summary of the Office of Chief Counsel’s Position on Each of the Issues.

1. The recipients must include the incentive payments in gross income unless they receive the payments as a conduit or an agent of another and are thus unable to keep the payments.

2. CMS has a reporting requirement under section 6041 of the Internal Revenue Code with respect to the eligible providers.

3. In the event of an assignment by the eligible providers to a third party, CMS would be obligated to report a payment to the eligible provider, even if the payment is assigned to a third party. The eligible provider would then likely bear a reporting obligation with respect to the assignment to a third party. CMS would not have a reporting obligation with respect to the third-party assignee unless CMS exercised managerial oversight with respect to, or had a significant economic interest in, the assignment.

Click here to read the entire memorandum.

Health Care Professionals Be Aware.

According to the IRS, taxpayers cannot avoid tax by turning over income to someone else. For example, a doctor earns an EHR incentive payment and turns it over to his/her practice. That doctor may still have to include the EHR payment on his/her personal tax return. The IRS allows an exception. If the doctor received the payment as an agent of the group practice, the doctor does not have to report it on his/her personal tax return.

Health care professionals and providers who have or will receive EHR incentive payments should plan to deal with the tax consequences of those incentives.

Contact Experienced Health Law Attorneys.

The Health Law Firm routinely represents physicians and medical groups on EHR problems. It also represents pharmacists, pharmacies, physicians, nurses and other health providers in investigations, regulatory matters, licensing issues, litigation, inspections and audits involving the DEA, Department of Health (DOH) and other law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

As a health care professional, do you think electronic health record (EHR) incentive payments should be taxable? Please leave any thoughtful comments below.

Sources:

Goldberg, Alan. “Healthcare Reimbursement List.” American Health Lawyers Association. (April 26, 2013).

Montemurro, Michael. “Electronic Health Records Incentive Payments, POSTS-145204-12.” Internal Revenue Service. (January 14, 2013). From: http://www.thehealthlawfirm.com/uploads/1307005.pdf

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.