Hospital Liability for Employee HIPAA Breaches

Posted on February 13, 2015 by Breazeale Sachse

A hospital employee, who has been “HIPAA-trained” and admits to knowing better, accesses his ex-wife’s new boyfriend’s medical records and posts sensitive information on social media. Is the hospital liable for the employee’s actions?

First, assume that the hospital did nothing wrong. That requires the assumption that the employee was adequately trained, that the employee’s job required that he have access to this data, and that there was no way to otherwise limit the employee’s access. Continue reading →

CMS Released Final Rule Regarding Denying or Revoking Medicare Enrollment

Posted on December 5, 2014 by Breazeale Sachse

On December 3, 2014, the Centers for Medicare & Medicaid Services (CMS) released a Final Rule that provides CMS discretion to deny or revoke Medicare enrollment based on certain circumstances. The changes in the Final Rule allow CMS to: Continue reading →

CMS Issues Proposed ACO Rule to Address Industry Concerns and Encourage Participation in Alternative Risk-Based ACO Models

Posted on December 4, 2014 by Breazeale Sachse

On Monday, December 1, 2014, the Centers for Medicare & Medicaid Services (“CMS”) issued a Proposed Rule with several proposed changes to the regulations finalized in 2011 for Accountable Care Organizations (ACOs) participating in the Medicare Shared Savings Program (MSSP). According to CMS, the Proposed Rule is intended to reduce administrative burdens and improve program function and transparency for ACOs participating in the MSSP. There are currently 330 ACOs serving almost 5 million Medicare beneficiaries in 47 states. Continue reading →

OCR Bulletin: Ebola and HIPAA Privacy in Emergency Situations

Posted on November 21, 2014 by Breazeale Sachse

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently released a bulletin, HIPAA Privacy in Emergency Situations, reminding covered entities and their business associates that the protections of the HIPAA Privacy Rule are not set aside during an emergency. OCR explains that Privacy Rule is balanced to ensure that appropriate use and disclosures of protected health information (PHI) may still be made when necessary to treat a patient, protect the nation’s public health, and for other critical purposes. The bulletin further details the HIPAA Privacy Rule provisions which may allow covered entities and business associates to use or disclose PHI during an emergency.

Medicaid Settlement with DHH

Posted on November 12, 2014 by Breazeale Sachse

But Why? The right to know why Medicaid denied your claim

A recently filed lawsuit, Wells v. Kliebert, Secretary of the Louisiana DHH, 3:14-cv-00155, will be changing the face of Medicaid denial notices. Wells was filed against the Louisiana Department of Health and Human services alleging that the DHH systematically failed to give adequate notice and explanations of why Medicaid claims were denied. The suit alleged the lack of reasoning for the denials was a violation of the Due Process Clause of the U.S. Constitution. After the suit was preliminary certified as a class action, DHH and the class discussed a settlement for the matter. On October 24, 2014, The Middle District of Louisiana entered an order certifying the class in the suit and partially dismissing the suit, conditioned on the parties’ compliance with their agreed upon settlement. Continue reading →