HIPAA © HIPAA Solutions, LC 2007 HIPAA Enforcement Risks Rising For Healthcare In 2007 Presented by Peter MacKoul, J.D.


1 HIPAA © HIPAA Solutions, LC 2007 HIPAA Enforcement Risks Rising For Healthcare In 2007 Presented by Peter MacKoul, J.D.

2 © HIPAA Solutions, LC 2007 Agenda: Introduction; HIPAA Evolution; HIPAA Environment; Regulations; Misconceptions; Court Rulings; Current Enforcement Environment; OIG Audits At Piedmont Hospital - Federal Audits; Cleveland Clinic – Criminal Conviction; Herman v. Kratch – Civil Action; Sorensen v. Barbuto – Civil Action; Acosta v. Byrum – Civil Action; Northwest Memorial Hospital v. John Ashcroft AG of US – Public Records; State AGs Create Enforcement Departments; Legislative & Agency Environment

3 © HIPAA Solutions, LC 2007 Introduction Peter MacKoul, Esq. is an attorney and technical analyst with over 15 years of legal and technical consulting experience in both public and private sectors for major organizations including Blue Cross, IBM, Nextel, General Dynamics, educational institutions and local government. His legal background includes criminal and civil law. His expertise includes the areas of HIPAA, IT development, Internet law, healthcare issues and handicapped access to technology involving law, technology, privacy, and security. He served as a subject matter expert on HIPAA Privacy and Security in Texas for the Governor's Health Information Technology Advisory Committee (HITAC), which created recommendations on healthcare IT issues related to privacy and security, including Regional Health Information Organizations (RHIOs). Mr. MacKoul has published articles on HIPAA, created compliance training resources, and has been a featured speaker on issues of privacy and security for regional IT security conferences (TRISC), the Texas Healthcare Association (THA) and major technology events. He has also been referenced in technology publications such as ComputerWorld on HIPAA and privacy.

4 © HIPAA Solutions, LC 2007 HIPAA Evolution: HIPAA Statutes Focused On Protection Of Patient Privacy; Chaos In Early Compliance Environment; Technology Advances Are Outstripping Business Processes; Healthcare Efficiency Pushing Technology / EMRs; Identity Theft, Fraud, Homeland Security Raising Awareness of Security and Privacy Issues. "In a report last year, the World Privacy Forum found that the number of Americans identifying themselves in government documents as victims of medical identity theft had nearly tripled in just four years, to more than a quarter-million in 2005." NBC News, April 2007

5 © HIPAA Solutions, LC 2007 HIPAA Environment - Regulations: Privacy Is At The Heart Of HIPAA; Security Compliance Cannot Be Achieved Without Addressing Privacy Issues First

6 © HIPAA Solutions, LC 2007 HIPAA Environment - Misconceptions: HIPAA Compliance Is Voluntary; Only Class Action Litigation Is Allowed; Only Healthcare Providers Are Affected; State Laws Can Supersede HIPAA; HIPAA Will Ultimately Go Away; The Feds Are Not Enforcing HIPAA; It's Not Necessary to Conduct Thorough Remediation

7 © HIPAA Solutions, LC 2007 HIPAA Environment – Court Rulings: US Attorneys; District Courts; Appellate Courts; Federal Courts; Regulatory Agencies

8 © HIPAA Solutions, LC 2007 March 8, 2007, issue of MEDICARE ADVANTAGE NEWS: In a surprise move, OIG on March 5 began the first audit of a provider's compliance with the HIPAA security regulation. The target: Piedmont Hospital in Atlanta. Auditors are expected to stay at the hospital three to four weeks and then forward their findings to CMS, which enforces the security rule. This is the government's first systematic hands-on examination of compliance with any HIPAA regulation. Enforcement – OIG Audits

9 © HIPAA Solutions, LC 2007 March 8, 2007, issue of MEDICARE ADVANTAGE NEWS: An OIG spokeswoman says, "We can't answer questions about ongoing work. The number of audits to do has yet to be determined." OIG auditors plan to audit Piedmont's administrative, physical and technical safeguards, the core requirements under the security regulation. This will include the hospital's policies and procedures relating to access to electronic protected health information (e-PHI); the risk assessment relative to e-PHI; electronically transmitting e-PHI; preventing, detecting, containing and correcting security violations; monitoring systems; remote access; wireless security; anti-virus mechanisms; firewalls; and other e-PHI security requirements. Enforcement – OIG Audits

10 © HIPAA Solutions, LC 2007 Former Hospital Employee and Co-Conspirator Sentenced to Prison for Medicare Fraud and Identity Theft In Ft. Lauderdale... Machado was employed at the Cleveland Clinic when she and her cousin Ferrer stole the personal information of Cleveland Clinic and MHA patients. That information included, among other things, the patients' names, dates of birth, Social Security numbers, Medicare numbers and addresses. Enforcement – Cleveland Clinic Criminal

11 © HIPAA Solutions, LC 2007 Civil action against a clinic for the unauthorized disclosure of medical information, invasion of privacy, and intentional infliction of emotional distress after the clinic sent a patient's personal medical records to her employer. - Herman v. Kratch, 2006 WL 3240680 (Ohio App. 8 Dist.) Enforcement – Herman v. Kratch - Civil

12 © HIPAA Solutions, LC 2007 The Appellate Court found in the unauthorized disclosure action that the clinic was liable for its unauthorized disclosure of patient's medical records; and with regard to the Invasion of Privacy tort, triable fact existed as to whether clinic's unauthorized disclosure of patient's medical records was the type of act that would cause a person of ordinary sensibilities outrage, mental suffering, shame, or humiliation. Herman v. Kratch, 2006 WL 3240680 (Ohio App. 8 Dist.) Enforcement – Herman v. Kratch - Civil

13 © HIPAA Solutions, LC 2007 The court stated: while the document authorizes the Clinic to release plaintiff's medical information for purposes of payment, that is not what occurred here. The Clinic does not dispute that plaintiff's bills should have been sent to United Healthcare for payment, not Nestle. There is nothing in the Clinic's [HIPAA], notice document that authorized the release of plaintiff's medical information to the wrong payor, whether accidentally or not. Enforcement – Herman v. Kratch - Civil

14 © HIPAA Solutions, LC 2007 Many HIPAA cases are used by courts in other jurisdictions to decide cases in front of them. Good examples of this are Sorensen v. Barbuto and Acosta v. Byrum. The Sorensen case (handed down from the Appellate Court in Utah) appears to be the first case enabling a plaintiff to use HIPAA as a standard of care to bring a private cause of action involving the intentional infliction of emotional distress. Enforcement – Sorensen v. Barbuto - Civil

15 © HIPAA Solutions, LC 2007 This case provides a legal method enabling plaintiffs' attorneys to utilize HIPAA as a standard of care to bring an individual action using HIPAA privacy regulations and standards, instead of attempting to bring an individual lawsuit directly under HIPAA itself, which is not permitted.... This allegation does not state a cause of action under HIPAA. Rather, plaintiff cites to HIPAA as evidence of the appropriate standard of care, a necessary element of negligence... Acosta v. Byrum, 638 S.E.2d 246, 2006 Enforcement – Acosta v. Byrum - Civil

16 © HIPAA Solutions, LC 2007 Northwest Memorial Hospital v. John Ashcroft Attorney General of United States The Northwestern case involved the potential of having de-identified medical records involving partial birth abortions made a part of the trial record in New York, thus available to skillful Googlers, as characterized by the court. Enforcement – Northwest Case – Public Records

17 © HIPAA Solutions, LC 2007 Northwest Memorial Hospital v. John Ashcroft Attorney General of United States The court elaborated on this Internet issue, before ruling that the Attorney General of United States could not access and use these records, let alone have them available to web surfers.... This ruling is highly significant in that it interprets the HIPAA Privacy rule covering de-identification as not sufficient to protect an organization that follows the rules in a partial birth abortion case. Northwestern Memorial Hospital v. Ashcroft, 362 F.3d 923 at 929. Enforcement – Northwest Case – Public Records

18 © HIPAA Solutions, LC 2007 HIPAA Enforcement Swings from Voluntary Compliance to Punishment for Violation of Privacy and Security Laws as States Join Federal Enforcement Under Federal Mandate (PRWeb) November 28, 2006 -- Congress passed the 2006 False Claims Act. States are ordered to actively investigate and prosecute both providers as well as business associates effective January 1, 2007. States are required to create a False Claims Division and keep the overwhelming majority of fines recovered. Enforcement – State AGs Create Enforcement

19 © HIPAA Solutions, LC 2007 Since voluntary compliance has been ignored by many providers for years, the Federal Government has examined how to make physical and electronic compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) a reality. Whistleblowers will be awarded 15% of fines. Enforcement – State AGs Create Enforcement

20 © HIPAA Solutions, LC 2007 HHS Delegates HIPAA Subpoena Authority To OCR.... Notice is hereby given that I have delegated to the Director of the Office for Civil Rights the following authority vested in the Secretary of Health and Human Services. Subpoenas for the Health Insurance Portability and Accountability Act of 1996: Authority under Section 205(d) of the Social Security Act (42 U.S.C. 405(d)), with authority to redelegate, to issue subpoenas requiring the attendance and testimony of witnesses and the production of any evidence.... Michael O. Leavitt, Secretary. [FR Doc. 07–1872 Filed 4–13–07; 8:45 am]... Legislative & Agencies

21 © HIPAA Solutions, LC 2007 GAO blasts HHS on IT, privacy January 2007 GAO recommends that HHS define and implement an overall privacy approach that identifies milestones for integrating the outcomes of its initiatives, ensures that key privacy principles are fully addressed, and addresses challenges associated with the nationwide exchange of health information. Legislative & Agencies

22 © HIPAA Solutions, LC 2007 Summary: Health Care Privacy & HIPAA Are Here To Stay; Courts & Prosecutors Are Using HIPAA; Privacy Compliance MUST Be A First Step In Security; Technology Is Not A Replacement For Sound Business Processes. Peter MacKoul, J.D., HIPAA Solutions, LC, Peter.MacKoul@hipaasolutions.org, www.hipaasolutions.org, Toll Free: 877-779-3004

