Category Archives: In the Know

Health care law encompasses a wide range of issues. Learn more about regulations, legislation and general information involving health care providers and professionals (physicians, nurses, pharmacists, therapists, mental health counselors, rehab facilities, nursing homes, DME suppliers, medical students and interns, pain management clinics, hospital administrators, etc.) including information regarding the Department of Health, professional boards (Board of Nursing, Board of Pharmacy, Board of Dentistry, Board of Medicine, etc.), DEA, AHCA (Florida Agency for Health Care Administration) and Medicare and Medicaid.

The Ins and Outs of Florida’s 2015 Legislative Session for Health Care Providers

10 Indest-2008-7George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in the Legal Specialty of Health Law

Committees are busy in Tallahassee as the 2015 Legislative Session is set to begin on March 3, 2015. For Florida physicians and other health care providers, now is the time to review the legislative bills that could affect you and your practice. There are many bills pending that could impact the future of medical practice and health care delivery in Florida.

On the table are some recognizable bills from last year, as well as a few new ones. To stay up to date on the 2015 Legislative Session as it relates to health care, check this blog regularly.

Bills Up for Consideration.

The two most profiled issues from the 2014 Legislative Session are back.

– House Bill (HB) 547 and the companion Senate bill (SB) 614 would give nurse practitioners the ability to prescribe controlled substances. It would also expand their scope of practice, which would exempt them from the requirement that certain medical acts be performed or supervised by a physician. To learn more on this bill, click here for our previous blog.

– HB 545 and the companion Senate bill SB 478 defines what is determined to be telemedicine or telehealth. These bills call for coverage in Medicaid programs. Lawmakers state an agreement has been made to require health care providers to be licensed in Florida to provide telemedicine in the state. House and Senate leaders have expressed confidence they will reach an agreement this year on telemedicine. Click here to learn more on telemedicine in Florida.

Each bill could dramatically change the landscape of the practice of Florida medicine.

Keep an Eye on These Additional Bills.

Other pending bills that could impact the delivery of health care in Florida, include:

– SB 516 addresses insurance coverage and reimbursement issues for emergency services;

– HB 279 would allow pharmacy interns to administer vaccinations to adults;

– HB 281 and SB 532 would allow licensed physician assistants under physician supervision to order controlled substances in the hospital setting; and

– HB 515 and SB 710 revise the scope of physical therapists and prohibit individuals with doctorates in physical therapy to present themselves as a doctor without informing the public of his or her actual profession as a physical therapist.

In Conclusion.

The 2015 Legislative Session is packed with bills that, if approved, will affect physicians, physician assistants, nurses, and other health care providers. As a health care provider, knowing the ins and outs of these bills can save you from the headache and possible fines that could come from non-compliance. We urge you to become involved with these issues. If you would like to know more, you can contact your local medical society. Again, we will stay on top of the progress of these bills, so check this blog regularly.

Contact Experienced Health Law Attorneys.

The Health Law Firm routinely represents physicians, pharmacists, pharmacies, optometrists, nurses and other health providers in investigations, regulatory matters, licensing issues, litigation, HIPAA complaints and violations, NPDB actions, inspections and audits involving the Drug Enforcement Administration (DEA), Federal Bureau of Investigation (FBI), Department of Health (DOH) and other law enforcement agencies. Its attorneys include those who are board certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at http://www.TheHealthLawFirm.com.

Sources:

Stone, Rick. “PAs, Nurse Practitioners Could Get Prescribing Authority.” Health News Florida. (February 11, 2015). From: http://health.wusf.usf.edu/post/pas-nurse-practitioners-could-get-prescribing-authority?utm_source=Health+News+Florida+eAlert+subscriber+list&utm_campaign=e231ee3f8a-Friday_February_13_20152_13_2015&utm_medium=email&utm_term=0_8d22eaa6f6-e231ee3f8a-249582973

Saunders, Jim. “Telemedicine Deal Likely in 2015, Legislators Say.” Orlando Sentinel. (February 3, 2014). From: http://www.orlandosentinel.com/news/politics/os-florida-telemedicine-deal-20150203-story.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1999-2015 The Health Law Firm. All rights reserved.

Open for Registration: Telemedicine Association Begins Telemedicine Accreditation

Lance Leider headshotBy Lance O. Leider, J.D., The Health Law Firm

The American Telemedicine Association (ATA) recently announced that it was accepting a limited number of applications for its telemedicine provider accreditation program. According to the ATA the purpose of the accreditation is to recognize organizations that provide top-notch online health care services. The ATA calls the service its “Accreditation Program for Online Patient Consultations.”

Details on ATA’s Accreditation Program.

Eligibility to register and apply for accreditation is aimed at any United States based organization that provides real-time interactive doctor-patient interactions via live online video services. Currently the ATA is not certifying so-called “store-and-forward” providers. However, this may be a possibility in the future as this technology becomes more widely used.

The ATA’s standards for the accreditation program are modeled after those found in state and federal laws and regulations, industry best practices, and input from the community. The primary focus is on robust policies and procedures, appropriate areas of practice (i.e. online treatment is appropriate for the illness), and patient health and safety.

Telemedicine Laws Different in Every State.

As with any health care good or service, the rules and regulations differ widely from state to state and with federal payors like Medicare. It is important to check your state medical board’s rules and opinions on telemedicine to avoid disciplinary action for inadvertently violating the medical practice act or some other applicable regulation.

Also note some states that permit telemedicine still require the physician to be licensed in the state in which the patient resides. Before engaging in telemedicine services, you should also look at the regulations in the states in which your patients are located to see if you need to have a license. Being accredited, while certainly a step in the right direction, will not necessarily exempt you from compliance with the law.

There has been a recent push to expand the scope of telemedicine services that are payable by Medicare. If these efforts are successful, there will undoubtedly be a spike in the number of providers offering remote services. Additionally, many private insurers have been piloting programs to see if the purported savings offered by telemedicine actually reduce the cost of claims.

Comments?

What do you think about the ATA’s accreditation program? Where do you think telemedicine will be in five years? Please leave any thoughtful comments below.

Contact Health Law Attorneys Experienced in Representing Health Care Professionals and Providers.

At the Health Law Firm we provide legal services for all health care providers and professionals. This includes physicians, nurses, dentists, psychologists, psychiatrists, mental health counselors, Durable Medical Equipment suppliers, medical students and interns, hospitals, ambulatory surgical centers, pain management clinics, nursing homes, and any other health care provider. We represent facilities, individuals, groups and institutions in contracts, sales, mergers and acquisitions.

The services we provide include reviewing and negotiating contracts, business transactions, professional license defense, representation in investigations, credential defense, representation in peer review and clinical privileges hearings, Medicare and Medicaid audits, commercial litigation, and administrative hearings. To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at http://www.TheHealthLawFirm.com.

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2015 The Health Law Firm. All rights reserved.

Physician Argues Definition of “Peer” at Formal Administrative Hearing

peer reviewFACTS: The Agency for Health Care Administration (“AHCA”) is responsible for administering Florida’s Medicaid program and conducting investigations and audits of paid claims to ascertain if Medicaid providers have been overpaid. With regard to investigations of physicians, section 409.9131, Florida Statutes, provides that AHCA must have a “peer” evaluate Medicaid claims before the initiation of formal proceedings by AHCA to recover overpayments. Section 409.9131(2)(c) defines a “peer” as “a Florida licensed physician who is, to the maximum extent possible, of the same specialty or subspecialty, licensed under the same chapter, and in active practice.” Section “109.9131(2)(a) deems a physician to be in “active practice” if he or she has “regularly provided medical care and treatment to patients within the past two years.”

Alfred Murciano, M.D., treats patients who are hospitalized in Level III neonatal intensive care units and pediatric intensive care units in Miami-Dade, Broward, and Palm Beach County hospitals. His practice is limited to pediatric infectious disease. He has been certified by the American Board of Pediatrics in two areas: General Pediatrics and Pediatric Infectious Diseases. AHCA initiated a review of Medicaid claims submitted by Dr. Murciano between September 1, 2008, and August 31, 2010, and referred those claims to Richard Keith O’Hern, M.D., for peer review. Dr. O’Hern practiced medicine for 37 years, and was engaged in a private general pediatric practice until he retired in December of 2012. During the course of his career, he was certified by the American Board of Pediatrics in General Pediatrics, completed a one-year infectious disease fellowship at the The University of Florida, and treated approximately 16,000 babies with infectious disease issues. However, he was never board certified in pediatric infectious diseases, and at the time he reviewed Dr. Murciano’s Medicaid claims, Dr. O’Hern would have been ineligible for board certification in pediatric infectious diseases. In addition, Dr. O’Hern would have been unable to treat Dr. Murciano’s hospitalized patients in Level III NICUs and PICUs.

After Dr. O’Hern’s review, AHCA issued a Final Agency Audit Report alleging Dr Murciano had been overpaid by $l,051.992.99, and that he was required to reimburse AHCA for the overpayment. In addition, AHCA stated it was seeking to impose a fine of $210,398.60.

OUTCOME: Dr. Murciano argued at the formal administrative hearing that Dr O’Hern was not a “peer” as that term is defined in section 409.9131(20)(c). The ALJ agreed and issued a Recommended Order on May 22, 2014, recommending that AHCA’s case be dismissed because it failed to satisfy a condition precedent to initiating formal proceedings. While recognizing that AHCA is not required to retain a reviewing physician with the exact credentials as the physician under review, the ALJ concluded Dr. O’Hern was not of the same specialty as Dr. Murciano.

On July 31, 2014, AHCA rendered a Partial Final Order rejecting the ALJ’s conclusion that Dr. O’Hern was not a “peer.” In the course of ruling that it has substantive jurisdiction over such conclusions and that its interpretation of section 409.9131(2)(c), Florida Statutes, is entitled to deference, AHCA stated that it interprets the statute “to mean that the peer must practice in the same area as Respondent, hold the same professional license as Respondent, and be in active practice like Respondent.” AHCA concluded that “Dr. O’Hern is indeed a ‘peer’ of Respondent under the Agency’s interpretation of Section 409.9131(2)(c), Florida Statutes, because he too has a Florida medical license, is a pediatrician and had an active practice at the time he reviewed Respondent’s records. That Dr. O’Hern did not hold the same certification as Respondent, or have a professional practice identical to Respondent in no way means he is not a ‘peer’ of Respondent.” AHCA’s rejection of the ALJ’s conclusion of law regarding Dr. O’Hern’s “peer” status caused AHCA to remand the case back to the ALJ to make the factual findings on the claimed overpayments that were not made in the Recommended Order because of the ALJ’s conclusion that Dr. O’Hern did not qualify as a “peer.”

On August 18, 2014, the ALJ issued an Order respectfully declining AHCA’s remand. AHCA then filed a Petition for writ of Mandamus in the First District Court of Appeal, asking the court to direct the ALA to accept the remand and to enter findings of fact and conclusions of law with regard to each overpayment claim. The court assigned case number 1D14-3836 to AHCA’s Petition, and the case is pending.
Source:

AHCA v. Alfred Murciano, M.D., DOAH Case No. 13-0795MPI (Recommended Order May 22, 2014), AHCA Rendition No. 14-687-FOF-MDO (Partial Final Order July 31, 2014)
About the Author: The forgoing case summary was prepared by and appeared in the DOAH case notes of the Administrative Law Section newsletter, Vol. 36, No. 2 (Dec. 2014), a publication of the Administrative Law Section of The Florida Bar.

A New Year Means New Audits and Site Visits for Assisted Living Facilities – Protect Yourself Now

00011_RT8By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

For Assisted Living Facilities (ALFs) in Florida, it’s time to do a little brushing up on your compliance material.

Beginning in January 2015, the Agency for Health Care Administration (AHCA), Office of Inspector General (OIG), Bureau of Medicaid Program Integrity (MPI), will conduct site visits to determine compliance with the Florida Medicaid Provider General Handbook and the Assistive Care Services Coverage and Limitations Handbook. This is just one of several initiatives aimed at ALFs to curtail fraud, waste, and abuse in the Florida Medicaid program.

Be Prepared.

The goal of a site visit is to determine if providers are rendering and documenting required services; to determine if assistive care services are being rendered by qualified and properly trained staff; to identify quality of care/environmental issues; and, to document and report ALF providers’ deficiencies to any managed care organizations with which the ALF is contracted.

According to the Florida Assisted Living Association (FALA), the majority of MPI sanctions concerning these fines are associated with the failure to have the following completed forms on file for each resident:

1. AHCA Form 1823 – The Health Assessment
2. AHCA Form 035 – The Certification of Medical Necessity
3. AHCA Form 036 – Medicaid Service Plan

Knowing is Half the Battle.

This announcement shows that the government will continue rigorous and thorough enforcement efforts this year. ALFs should consider this a fair warning to get supporting documentation in order. If you’re worried your ALF may not be in compliance, we suggest getting a compliance assessment. If your ALF is being audited we always suggest contacting an experienced health law attorney immediately. For general tips on how to respond to a Medicaid audit, click here for a previous blog.

Comments?

Did you know about these anti-fraud initiatives? Do you feel like your ALF is prepared for a site visit? Please leave any thoughtful comments below.

Contact Health Law Attorneys Experienced in Representing Assisted Living Facilities.

The Health Law Firm and its attorneys represent assisted living facilities (ALFs) and ALF employees in a number of different matters including incorporation, preparing contracts, defending the facility against malpractice claims, licensing and regulatory matters, administrative hearings, and routine legal advice.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1999-2015 The Health Law Firm. All rights reserved.

Don’t Ring in the New Year with a HIPAA Audit – Safeguard Yourself Now

1 Indest-2008-1By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Here’s a scary reminder: There are people attempting to hack into electronic health systems every second of every day. Thankfully, most of these attempts are unsuccessful due to the preventive technologies in place to safeguard such information. However, electronic data will never be 100 percent secure.

Electronic health records promised was intended to be a tool for doctors to share patient data, reduce prescription drug errors, and allow patients convenient access to their records. However, since the transition to digital medical records, there have been concerns from patients about privacy, security and identity theft.

Recently, the Office for Civil Rights (OCR) announced that the agency will ramp up its Health Insurance Portability and Accountability Act (HIPAA) privacy and security audit program in 2015 for covered entities and business associates. These audits will focus on device encryptions, media controls, data transmission security protocols, and staff training on HIPAA policies and procedures.

Now is the time to ensure compliance.

Real World Privacy Breaches Happen All the Time.

On December 2, 2014, OCR and Anchorage Community Mental Health Services, Inc. (ACMHS), settled alleged violations of the HIPAA Security Rule. OCR started an investigation into ACMHS’s compliance with HIPAA after receiving a notification about a breach of unsecured electronic patient information affecting 2,743 individuals. The breach resulted from malware that compromised ACMHS’s information technology resources. According to the settlement, ACMHS must pay a $150,000 fine and enter into a resolution agreement and corrective action plan (CAP).

In November 2014, Beth Israel Deaconess Medical Center in Massachusetts agreed to a $100,000 settlement after a physician’s laptop was stolen from the hospital. The computer was not issued by the hospital and had not been encrypted in accordance with the hospital’s policies. However, the hospital was aware that the physician used the device. The laptop contained the health information and personal information, including Social Security numbers, of nearly 4,000 individuals. It’s alleged the hospital took three months to notify affected patients about the breach, which is a violation of HIPAA. (HIPAA requires such notifications to take place within 60 days.)

Tips to Protect Yourself and Your Business.

Again, the HIPAA audit program will be resuming after the first of the year. Accordingly, hundreds of covered entities and business associates will be receiving inquiries that could lead to an onsite audit. The audit requirements will be very difficult for organizations that have not planned in advance. Here are three easy-to-implement steps to prepare your practice.

1. Review the latest HIPAA policies and procedures. Make sure your office is meeting the latest privacy and security criteria. Identify gaps, update documents, and retrain staff on HIPAA policies and procedures. Don’t forget to document your educational efforts. Click here for a link to the latest policies and procedures.

2. Contact your business associates. Ask each of them to provide your practice with an updated Business Associate Agreement and list of all subcontractors they use. For business associates, the 2015 HIPAA audits will focus on risk analysis, risk management and updated policies and procedures for breach notification.

3. Have a risk assessment performed on your practice. To learn more about risk assessments, click here for a previous blog.

Also, a violation of the HIPAA privacy and security provisions does carry civil and criminal penalties. Anyone who is a health care professional or facility, should be aware of these legal provisions. Click here to read my previous blog.

HIPAA is Not One Size Fits All.

Protecting patient data is not a one-size-fits-all method, meaning that security measures and access to electronic records should not necessarily be uniform. There needs to be processes and check points in place at practices to ensure that the electronic health record system and its many users consistently meet HIPAA policies and procedures. Health care practices must be vigilant that when they integrate other medical practices and facilities into their organization that they extend these measures to incorporate new employees, new sites and locations, and various technologies.

As demonstrated throughout this blog, the risks of non-compliance simply outweigh the costs of sound preparation. If you’d like more information, contact a health law attorney experienced in these matters.

Comments?

Are you worried about the next round of HIPAA audits? Are you concerned about HIPAA violations? How are you ensuring compliance within your practice? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Van Terheyden, Nick and Faix, Rob. “Digital Health Records: Pain and Gain.” Orlando Sentinel. (December 12, 2014). From: The Orlando Sentinel News Section on page A20.

“Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case.” iHealthBeat. (November 25, 2014). From: http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case?view=print

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Internal Medicine Specialists Should Be Aware of Impending Medicare Audits

6 Indest-2008-3Coming to a medical practice near you. . . It’s scary, it’s horrible, and it could cost you a lot of money!

It’s the dreaded Comprehensive Error Rate Testing (CERT) audit.

The Horror! The Horror!

First Coast Service Options, the Medicare contractor for Florida, announced a new prepayment audit program that will impact Internal Medicine Specialists. The prepayment program is focused on Initial and Subsequent Hospital Evaluation and Management Services, CPT Codes 99223 and 99233. The program is being launched due to the high CERT error rate associated with these codes.

The audits will start on October 21, 2014.

What is the CERT Program?

CMS created the CERT program to measure the paid claims error rate for Medicare claims submitted to Medicare administrative contractors, carriers, durable medical equipment regional carriers, and Medicare Administrative Contractors (MACs). CMS receives more than two billion claims annually. The CERT program randomly selects approximately 120,000 of these claims for review to determine whether the claims were properly paid.

Statistical samples are selected and the CERT documentation contractor (CDC) submits documentation requests to those providers who submitted affected claims. Once the requested documentation has been received, the information is forwarded to the CERT review contractor (CRC) for review. The CRC will review the claims and supporting documentation to measure compliance with Medicare coverage, coding and billing rules. Click here to read my previous blog on the CERT Program.

How Internal Medicine Specialists Can Avoid CERT Audits.

First Coast is only targeting Internal Medicine Specialists as their data analysis suggests the specialty is the primary contributor to an elevated CERT error rate. Errors are normally cause by insufficient documentation to justify the service.

Healthcare providers designated as Internal Medicine with First Coast Service Options need to pay special attention to this audit program and the documentation requirements for billing 99223 and 99233 codes. If you find yourself or your practice the target of a CERT audit, click here for tips on how to respond.

Our Thoughts on the CERT Program.

In working with the CERT Program, we have been pleasantly surprised when our personal phone calls to the CERT auditors have been answered and actual accurate information provided, as well as letters and documents we provided being promptly acknowledged. Like with any other audit, however, we urge those being audited to seek the advice of an experienced health law attorney who may be able to assist in heading off and avoiding a more serious investigation or a large repayment demand.

Comments?

Have you heard of CERT audits? Has your practice encountered a CERT audit? Please leave any thoughtful comments below.

Don’t Wait Until It’s Too Late; Consult with a Health Law Attorney Experienced in Medicare and Medicaid Issues Now.

The attorneys of The Health Law Firm represent healthcare providers in Medicare audits, ZPIC audits and RAC audits throughout Florida and across the U.S. They also represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in Medicare and Medicaid investigations, audits, recovery actions and termination from the Medicare or Medicaid Program.

For more information please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2014 The Health Law Firm. All rights reserved.

Cyber Attack at Community Health Systems Affects 4.5 Million Patients-Could This be a New Trend?

Patricia's Photos 013By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar  in Health Law

On August 18, 2014, Community Health Systems, a Tennessee-based hospital chain that has 206 hospitals in 29 states, announced that its computer system was hacked. According to a number of news reports, an outside group of hackers, originating in China, used highly sophisticated malware and technology to steal 4.5 million patients’ non-medical data. The hackers were able to obtain patients’ names, Social Security numbers, addresses, birth dates, and telephone numbers.

According to the Orlando Sentinel, in Florida, St. Cloud Surgical Associates, St. Cloud Medical Group, and Urology Associates of St. Cloud were among the practices where medical data was stolen. The article did not mention how many patients in Florida were affected. Click here to read the story from the Orlando Sentinel.

How Community Health Systems will Handle Being Hacked.

According to The New York Times, Community Health Systems believes the attacks happened from April to June 2014. The company will be notifying affected patients and agencies under the Health Insurance Portability and Accountability Act (HIPAA).

The hospital system is now working with a security company to investigate the incident and help prevent future attacks. Federal law enforcement agents are also investigating the incident. Click here to read the entire article from The New York Times.

Because this breach affected more than 500 individuals, it will soon be posted on the Office for Civil Rights (OCR) Department of Health and Human Services’ (HHS) Wall of Shame. The law requires that any breach involving 500 or more individuals be publicly posted. To learn more on the Wall of Shame, click here for my previous blog.

Protect Your Practice As Best You Can From Cyber Attacks.

Cyber hacking in the medical community appears to be a crime of opportunity. Quickly there are becoming two types of companies: those that have been hacked and those that will be hacked.

While there is no way to guarantee protection from extrusion and external sources, there are steps that can be taken. For medical practices, many of these are required as part of a HIPAA risk assessment. Some areas to focus on include:

–    Background checks;
–    Comprehensive policies and procedures;
–    Vigilance when it comes to monitoring and data-leakage prevention tools; and
–    Employee education.

Medical practices are going to become bigger targets as the health care industry transitions to electronic health records. In addition, the hacking community is figuring out it is easier to hack a hospital or private practice, than it is a bank and you get the same information. To learn more on HIPAA risk assessments, click here.

Comments?

How do you protect your medical practice from hackers? Do you have regular risk assessments? Why or why not? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at http://www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Perlroth, Nicole. “Hack of Community Health Systems Affects 4.5 Million Patients.” The New York Times. (August 18, 2014). From: http://nyti.ms/1pFpujC

Kutscher, Beth. “Chinese Hackers Hit Community Health Systems; Other Vulnerable.” Modern Healthcare. (August 18, 2014). From: http://bit.ly/1BxsLqH

Jacobson, Susan. “St. Cloud Medical Patients’ Information Among Millions Stolen in Cyber Attack.” (August 18, 2014). From: http://www.orlandosentinel.com/business/os-hospital-data-breach-st-cloud-20140818,0,3157319.story

Rose, Rachel. “Protecting Your Medical Practices From Cyber Threats.” Physicians Practice. (July 17, 2014). From: http://www.physicianspractice.com/blog/protecting-your-medical-practice-cyberthreats

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. http://www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.