Category: Government Enforcement

Enforcement Trend: Patient Assistance Programs

Multiple pharmaceutical companies have disclosed the receipt of subpoenas from various U.S. Attorney’s offices, including Massachusetts and the Southern District of New York, related to the companies’ patient assistance programs. Patient assistance programs also have been the subject of recent Congressional inquiries related generally to the increasing price of certain […]

OIG Issues Final Rule Re: Exclusion Authority

The Final Rule related to the Health and Human Services Office of Inspector General’s (OIG) exclusion authority pursuant to the Social Security Act (the Act), as amended by the Affordable Care Act (ACA) and the Medicare Prescription Drug, Improvement and Modernization Act of 2003 (MMA), was released last week. The Proposed […]

OIG Releases Criteria for Implementing Exclusion Authority

On April 18, 2016, the Health and Human Services Office of Inspector General (OIG) released updated guidance related to the criteria it may use for evaluating its permissive exclusion authority under Section 1128(b)(7) of the Social Security Act. This guidance replaces guidance previously released by the OIG in 1997. All of […]

FDA Issues Draft Guidance on Medical Device Cybersecurity

Recently, the U.S. Food and Drug Administration (FDA) published draft guidance entitled “Postmarket Management of Cybersecurity in Medical Devices” (the Guidance) that sets forth ways in which medical device manufacturers should monitor and address cybersecurity risks.  The Guidance is the latest manifestation of a federal agency weighing in on the continually […]

University of Washington Medicine Agrees to Settle Alleged HIPAA Breach

Last week, the University of Washington Medicine (UWM), an affiliated covered entity that includes multiple entities such as the University of Washington Medical Center, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $750,000 and implementing a substantial corrective action plan.

Lahey Hospital Agrees to Settle Alleged HIPAA Breach

Recently, Lahey Hospital and Medical Center (Lahey), a nonprofit teaching hospital located in Massachusetts, agreed to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $850,000 and adopting a robust corrective action plan.

University of Rochester Medical Center Reaches Agreement to Settle Alleged HIPAA Breach

Last week, the University of Rochester Medical Center (URMC) reached agreement with the New York Office of the Attorney General (NYOAG) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) by paying $15,000 and adopting a substantial corrective action plan.