SAMHSA Issues Final Rule Updating Substance Abuse Confidentiality Regulations Monday, January 8, 2018 The Substance Abuse and Mental Health Services Administration (SAMHSA), part of the U.S. Department of Health and Human Services (HHS), has finalized proposed changes to the Confidentiality of Substance Use Disorder Patient Records regulation, 42 CFR Part 2, aimed at supporting payment and healthcare operations activities while protecting the confidentiality of patients. Read more
CMS Issues Memorandum Clarifying Texting of Patient Information Among Healthcare Providers Saturday, December 30, 2017 In a memorandum issued December 28, 2017, the Centers for Medicare & Medicaid Services (CMS) clarified its position related to texting. In its memo, CMS stated that it "recognizes that the use of texting as a means of communication with other members of the healthcare team has become an essential and valuable means of communication among the team members. Read more
2018 Compliance Plan Work Friday, December 22, 2017 First and foremost, initially look backward before looking forward and look inward before looking outward and always be mindful of the goal of any work plan. The goal of a work plan is twofold: the obvious goal of addressing risk areas to advance fraud and abuse and HIPAA compliance as well as providing a credible narrative to regulatory and law enforcement authorities of the provider's demonstrated commitment to compliance evidenced by audits and remittances, as appropriate. Read more
$2.5 million settlement shows that not understanding HIPAA requirements creates risk Monday, April 24, 2017 The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5 million and implementing a corrective action plan. This settlement is the first involving a wireless health services provider, as CardioNet provides remote mobile monitoring of and rapid response to patients at risk for cardiac arrhythmias. Read more
No Business Associate Agreement? $31K Mistake Thursday, April 20, 2017 The Center for Children's Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care provider with a pediatric subspecialty practice that operates its practice in seven clinic locations in Illinois. Read more