Latest News:

FTC "Red Flag Rules" cannot be applied to lawyers. A federal district court in Washington, D.C. ruled in favor of a challenge brought by the American Bar Association against the application of the FTC "Red Flag Rules" to lawyers and law firms. According to the court, "FTC's interpretation of... the Red Flags Rule...is both plainly erroneous and inconsistent with the purpose underlying the enactment of the FACT Act. The Commission not only seeks to extend its regulatory power beyond that authorized by Congress, but it also untimely and arbitrarily selects monthly invoice billing as the activity it seeks to regulate." The Court's opinion does not create confidence that the FTC will be any more successful in applying the rule very broadly and will likely hasten Congressional action to amend the law. Court Opinion

Small businesses and small health care practices affected by the “Red Flag Rules” have continuously and bitterly complained about the cost and bother of compliance. Congress has "sensed" the bitterness and on October 21st the House unanimously passed H.R. 3763 which exempts small businesses from the Red Flag Rules. The legislation is pending in the Senate Banking Committee.

The bill provides exclusions for the following businesses with fewer than 20 employees - Health care practices, Accounting practices, and Legal practices. In addition, "any other business, if the [FTC] determines, following an application for exclusion by such business, that such business— knows all of its customers or clients individually; only performs services in or around the residences of its customers; or has not experienced incidents of identity theft and identity theft is rare for businesses of that type."

HHS and FTC issue new proposals governing notice of breach of confidentiality - The new federal stimulus law (ARRA) doesn't just stimulate the economy; it gives a new jolt to HIPAA. Most have put the mad HIPAA compliance scramble behind them, but ARRA expands HIPAA to "business associates" and increases the authority of HHS over health information. Where HIPAA required that business associate agreements contain certain disclosure and security provisions, these provisions will now directly apply to business associates. In addition, other new laws will affect health record security. With a probable effective date no later than September 16th, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. Similar FTC rules will govern breach notification provisions for businesses with health information that are not covered by HIPAA. Read the FTC proposal here and the HHS proposal here.

 

House health care reform up in the air. In all likelihood, health care reform will devolve into a long-term health insurance reform measure similar to the changes witnessed with HIPAA - portability, limits on preexisting conditions, etc. The Firm has stopped analyzing proposals until we have some idea of where this health care reform change is headed and what proposal has favor.

HHS Issues new regulations increasing HIPAA violation penalties - On October 30 [Happy Halloween], the U.S. Department of Health and Human Services issued new interim final regulations substantially increasing penalties for HIPAA violations and removing some defenses against penalties. These changes follow Congressional action earlier in the year that beefed up HIPAA standards and enforcement. You will be punished for violations that occur after February 18, 2009, as follows:

  • If you did not know of the violation and would not have known even with reasonable diligence, the civil fine is at least $100 for each violation up to $50,000 for each violation.
  • If the violation was due to "reasonable cause" but not "willful neglect", the civil fine is at least $1,000 for each violation.
  • If the violation was a result of "willful neglect" and the problem is fixed within 30 days of violation, the minimum fine is $10,000 for each violation.
  • If the violation was a result of "willful neglect" and the problem is not fixed within 30 days of violation, the minimum fine is $50,000 for each violation.
  • There is an annual limit of $1.5 million in fines for identical violations.

You may still avoid penalties if you correct the problems within 30 days and the violation is not due to "willful neglect." Willful neglect means, in essence, that you just didn't care whether you met your obligations under HIPAA. Read the Regulation

Information:

Electronic Medical Records - A very useful guide to electronic medical records has been developed by the Texas Medical Association. With permission, we have included a link to the report here. The Electronic Medical Record Implementation Guide, The Link to a Better Future was developed by the Texas Medical Association Special Funds Foundation through a grant from The Physicians Foundation. The Physicians Foundation devotes its resources to helping practicing physicians improve the care they deliver to their patients. The Foundation provides grants to nonprofit organizations for practice-based, innovative projects that improve the quality of healthcare. For more information visit: www.physiciansfoundation.org.

OIG & CMS Gear up for HIPAA security audits - Lawyers for health care practitioners are getting ready to defend against federal audits of health care practitioners and hospitals for compliance with HIPAA security regulations. While HIPAA compliance is scalable, if you have not done a self-audit of your clinic or facility, now is the time. Also, if you have not trained your staff as required by HIPAA, HCCS has an interactive course to train staff in HIPAA Privacy and Security which has been updated within recent months. HIPAA Training

 

Peick|Conniff PS 1813 - 115th Ave. NE, Bellevue, Washington 98004
ph: 425-462-0660 fax: 425-462-7203