Physician Practice and Hospital Pay $750,000 and $1.5 Million for Failure to Have HIPAA Business Associate Agreements

The Office for Civil Rights (OCR) recently announced two separate settlements with a hospital and a physician practice that highlight the importance of having HIPAA business associate agreements. Each of these HIPAA settlements were based on the failure to have a HIPAA business associate agreement in place with a third party that a hospital and a physician practice had disclosed patient’s healthcare information to perform certain administrative services. In each case, the third party recipients of patient electronic healthcare information committed or contributed to a breach under the HIPAA Privacy Rule. Continue reading

Supreme Court Urged to Reject Far Reaching “Implied Certification” Theory Under the False Claims Act

On April 19, 2016, the United States Supreme Court heard oral argument in Universal Health Services, Inc. vs. United States and Massachusetts ex. rel. Escobar. In Escobar, the Court will decide for the first time whether to embrace the theory of “implied certification” under the Federal False Claims Act (“FCA”), 31 U.S.C. §§3729-3733. Under that theory, a health services provider that requests payment from the Government for providing services while knowing, but not disclosing, that the services failed to meet requirements that were material to payment is deemed to have presented a false or fraudulent claim under the FCA. In other words, the theory states that the provider impliedly certifies that the billed for services meet the applicable requirements merely by submitting the claim for payment. Most Federal circuits which have considered the theory have adopted it in one form or another. Continue reading