On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health Care System (Advocate). Advocate agreed to pay $5.55 million to settle a variety of HIPAA violations. Advocate is the largest health system in Illinois and operates more than 400 sites of care with 12 acute care hospitals. This settlement comes in the wake of a series of recent HIPAA violation settlements and other enforcement activities by OCR, including phase 2 of the HIPAA audit program.
Tag Archives: Health and Human Services
The U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) recently released a “crosswalk” developed with the National Institute of Standards and Technology (NIST) mapping the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the NIST Framework for Improving Critical infrastructure Cybersecurity (the Framework). This crosswalk was developed in order to assist healthcare organizations improve cybersecurity preparedness by using the Framework as a common language. The crosswalk also includes mappings to other commonly used security frameworks.
HRSA 340B Drug Discount Program “Omnibus” Regulation Published – Comment Period Open Until October 27, 2015
On Friday, August 28, 2015, the U.S. Department of Health and Human Services (HHS) Health Resources and Services Administration (HRSA) proposed its long-awaited “Omnibus” regulation for the 340B Drug Discount Program in the Federal Register (the “Proposed Rule”). The 340B Drug Discount Program is the program by which drug and biologic manufacturers are generally required to offer their products at potentially steeply discounted prices to certain purchasers, generally “safety net” entities such as certain hospitals (called “covered entities”). Public comments on the Proposed Rule will be accepted by HRSA until October 27, 2015. Pharmaceutical and hospital industry stakeholders are encouraged to review the proposals carefully to evaluate whether there are areas of particular concern. Continue reading
21st Century Cures Passes House of Representatives; Ups the Ante for HHS Grant and Contracting Fraud
Earlier today H.R. 6, “21st Century Cures”, passed the House of Representatives by an overwhelming vote of 344-77. Among the myriad provisions, the bill contains language creating civil money penalties (CMPs) for fraudulent grants and contracting with the Department of Health of Human Services (HHS). According to a summary of the bill provided by the House Energy and Commerce, section 4006 “would clarify and expand the HHS Office of the Inspector General’s authority to use civil monetary penalties in cases of proven HHS grant or contract fraud.” The text of section 4006 can be found here (starting on page 336). Specifically, section 4006 allows the Secretary of HHS to seek:
- A maximum of $10,000 per claim for knowingly presenting or causing to be presented a false or fraudulent specified claim under an HHS contract or grant;
- A maximum of $50,000 for each instance of knowingly making, using, or causing to be made or used a false statement, omission, or misrepresentation of material fact in a document required to be submitted to receive or retain funds under an HHS contract or grant;
- A maximum of $50,000 per claim or record for knowingly making, using, or causing to be made or used a false record or statement that is material to a false or fraudulent “specified claim”;
- A maximum of $50,000 per record or statement for knowingly making, using, or causing to be made or used a false record or statement material to an obligation to pay or transmit funds or property owed to HHS with respect to an HHS grant or contract;
- A maximum $10,000 per day for knowingly concealing, or knowingly and improperly avoiding or decreasing, an obligation owed to HHS with respect to an HHS grant or contract; and
- A maximum of $15,000 per day for failing to grant timely access to the HHS Office of Inspector General (OIG) upon reasonable request for audits or to carry out other statutory functions in matters involving an HHS grant or contract.
The mobile medical application marketplace has developed into a $68 billion industry; however, the U.S. Department of Health and Human Services (HHS) has not yet updated guidance regarding the Health Insurance Portability and Accountability Act’s (HIPAA) application to app developers that collect and use sensitive personal data. In response to a request by a group of mobile app developers asking for clarification, Tom Marino, R-Pa, and Peter DeFazio, D-Ore., wrote a letter to HHS Secretary Sylvia Mathews Burwell outlining four steps that regulators should take to clarify how HIPAA applies to mobile medial apps. Continue reading
On August 4, 2014, the United States Department of Health and Human Services (HHS) issued a final rule delaying the compliance date for health care providers, health plans, and health care clearinghouses to transition to the International Classification of Diseases, 10th Revision (ICD-10) until October 1, 2015. Continue reading