Electronic Health Records

The New Jersey Attorney General’s Office announced on October 12 that Diamond Institute for Infertility and Menopause, LLC, based in Millburn, NJ, will pay a $495,000 penalty for allegedly violating HIPAA and state law by failing to implement appropriate cybersecurity measures. The New Jersey Department of Law & Public Safety’s Division of Consumer Affairs investigated

The Federal Trade Commission (FTC) recently issued a policy statement confirming that vendors of apps and other connected devices that collect personal health information, such as glucose levels, heart rate, or fertility or sleep data, are subject to the FTC’s Health Breach Notification Rule. The rule, issued in 2009, requires vendors to notify consumers

Connecticut Governor Ned Lamont recently signed into law “An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” (Public Act No. 21-119). Under the Act, “covered entities” that implement certain cybersecurity measures to protect against data breaches of “personal information” and “restricted information” will be insulated against the imposition of punitive damages arising

The proposed 2022 Medicare Physician Fee Schedule released on July 13 by the Centers for Medicare & Medicaid Services (CMS) includes a new category of CPT codes for “remote therapeutic monitoring” (RTM). The new codes are in addition to the set of codes introduced in 2019 for remote physiological monitoring, usually called remote patient monitoring

On June 23, the Department of Health and Human Services Office of Inspector General (OIG) posted on its website an Issue Brief entitled “Medicare Lacks Consistent Oversight of Cybersecurity for Networked Medical Devices in Hospitals.” According to the OIG, the Centers for Medicare & Medicaid Services should amend interpretative guidelines or other nonbinding guidelines, or

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has pursued its HIPAA Right of Access Initiative since 2019. OCR’s 19th settlement under the initiative, with The Diabetes, Endocrinology & Lipidology Center, Inc. (DELC), curiously resulted in only a $5,000 fine. The West Virginia provider treats patients who have endocrine disorders.

The U.S. Department of Justice recently announced that CareCloud Health, a Florida-based developer of electronic health records software, agreed to pay $3.8 million to resolve a whistleblower’s allegations that it paid illegal kickbacks to generate sales of its products. CareCloud’s marketing referral program called the “Champions Program” allegedly violated the federal Anti-Kickback Statute (AKS) and

On April 6, Rivkin Radler’s Ben Malerba gave a presentation to members of the Coalition for Behavioral Health. The presentation was entitled “HIPAA in an Evolving Health Care Environment: Proposed Changes for 2021 and Response to COVID-19.”

The Coalition for Behavioral Health provides policy, advocacy, training and technical assistance to more than 100 community-based behavioral

A March 11 article in the Health Care Compliance Association’s Report on Patient Privacy, “In Wake of 16th OCR Settlement, Time For CEs, BAs to Take Right of Access Seriously,” discussed the Right of Access Initiative that the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has been pursuing since

For those providers who somehow missed or ignored the first 15 settlements in the series, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers, agreed to pay a $70,000 fine for failing to provide a patient with timely access