Tag Archives: Health and Human Services

Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate).  Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations.  Advocate is the largest health system in Illinois and operates more than 400 sites of care with 12 acute care hospitals.  This settlement comes in the wake of a series of recent HIPAA violation settlements and other enforcement activities by OCR, including phase 2 of the HIPAA audit program.

Filed under HIPAA, HITECH Act, Privacy and Security

HHS Releases Crosswalk Between HIPAA Security Rule and NIST Framework

The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk”, developed with the National Institute of Standards and Technology (NIST), that maps the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the NIST Framework for Improving Critical Infrastructure Cybersecurity (the Framework). The crosswalk was developed to help healthcare organizations improve cybersecurity preparedness by using the Framework as a common language. The crosswalk also includes mappings to other commonly used security frameworks.

Filed under Health Care, Health Information Privacy, Health IT, HIPAA, Privacy and Security, Technology

“Common Rule” Overhaul Proposed – Intended to Modernize Human Research Subject Protections

On September 2, 2015, sixteen federal agencies and departments jointly issued a Notice of Proposed Rulemaking (“the NPRM”), designed to “modernize, strengthen, and make more effective” the so-called “Common Rule”.  The Common Rule is a uniform federal policy for the Protection of Human Subjects, originally issued in 1991. The U.S. agencies and departments adopting the Common Rule generally agree to the same set of basic protections to be applicable to human subject research activities they will conduct or support, but adopt such protections within their own applicable regulations. The NPRM is expected to appear in the September 8, 2015, issue of the Federal Register, and to be open for public comment through December 7, 2015.

Filed under Clinical Trials, Compliance, FDA, Health Care

HRSA 340B Drug Discount Program “Omnibus” Regulation Published – Comment Period Open Until October 27, 2015

On Friday, August 28, 2015, the U.S. Department of Health and Human Services (HHS) Health Resources and Services Administration (HRSA) proposed its long-awaited “Omnibus” regulation for the 340B Drug Discount Program in the Federal Register (the “Proposed Rule”).  The 340B Drug Discount Program is the program by which drug and biologic manufacturers are generally required to offer their products at potentially steeply discounted prices to certain purchasers, generally “safety net” entities such as certain hospitals (called “covered entities”).  Public comments on the Proposed Rule will be accepted by HRSA until October 27, 2015.  Pharmaceutical and hospital industry stakeholders are encouraged to review the proposals carefully to evaluate whether there are areas of particular concern.

Filed under 340B, Compliance, Coverage and Reimbursement, Government Pricing, Health Care

21st Century Cures Passes House of Representatives; Ups the Ante for HHS Grant and Contracting Fraud

Earlier today H.R. 6, “21st Century Cures”, passed the House of Representatives by an overwhelming vote of 344-77. Among its myriad provisions, the bill contains language creating civil money penalties (CMPs) for fraudulent grants and contracting with the Department of Health and Human Services (HHS). According to a summary of the bill provided by the House Energy and Commerce Committee, section 4006 “would clarify and expand the HHS Office of the Inspector General’s authority to use civil monetary penalties in cases of proven HHS grant or contract fraud.” The text of section 4006 can be found here (starting on page 336). Specifically, section 4006 allows the Secretary of HHS to seek:

  • A maximum of $10,000 per claim for knowingly presenting or causing to be presented a false or fraudulent specified claim under an HHS contract or grant;
  • A maximum of $50,000 for each instance of knowingly making, using, or causing to be made or used a false statement, omission, or misrepresentation of material fact in a document required to be submitted to receive or retain funds under an HHS contract or grant;
  • A maximum of $50,000 per claim or record for knowingly making, using, or causing to be made or used a false record or statement that is material to a false or fraudulent “specified claim”;
  • A maximum of $50,000 per record or statement for knowingly making, using, or causing to be made or used a false record or statement material to an obligation to pay or transmit funds or property owed to HHS with respect to an HHS grant or contract;
  • A maximum of $10,000 per day for knowingly concealing, or knowingly and improperly avoiding or decreasing, an obligation owed to HHS with respect to an HHS grant or contract; and
  • A maximum of $15,000 per day for failing to grant timely access to the HHS Office of Inspector General (OIG) upon reasonable request for audits or to carry out other statutory functions in matters involving an HHS grant or contract.

Filed under Fraud and Abuse, Government Enforcement, Health Care, Health Reform

Lawmakers Call to Clarify HHS’ Mobile Medical App Regulation

The mobile medical application marketplace has developed into a $68 billion industry; however, the U.S. Department of Health and Human Services (HHS) has not yet updated guidance regarding the Health Insurance Portability and Accountability Act’s (HIPAA) application to app developers that collect and use sensitive personal data. In response to a request for clarification from a group of mobile app developers, Tom Marino, R-Pa., and Peter DeFazio, D-Ore., wrote a letter to HHS Secretary Sylvia Mathews Burwell outlining four steps that regulators should take to clarify how HIPAA applies to mobile medical apps.

Filed under Health Information Privacy, Health IT, HIPAA, Mobile Health

HHS Delays ICD-10 Implementation Requirements

On August 4, 2014, the United States Department of Health and Human Services (HHS) issued a final rule delaying the compliance date for health care providers, health plans, and health care clearinghouses to transition to the International Classification of Diseases, 10th Revision (ICD-10) until October 1, 2015.

Filed under Coverage and Reimbursement, Industry Codes