Health Care Law Blog

DHHS Revises and Clarifies Guidelines for Patients’ Informed Consent When Providing Sensitive Medical Care

In recent years, Michigan has been home to two of the largest sexual abuse scandals involving doctors in history: the sexual abuse committed by Larry Nassar while employed by Michigan State University and the sexual abuse committed by Robert Anderson while employed by the University of Michigan. In both circumstances, the former doctors carried out their sexual abuse under the guise of medical procedures and without the informed consent of their targets. Michigan is not alone in being home to these types of sexual abuse scandals as similar acts have been alleged to have been committed by many other health care providers, such as Richard Strauss (Ohio State University), George Tyndall (University of Southern California), Derrick Todd (Bringham and Women’s Faulkner Hospital (Boston, MA)), Major Michael Stockin (United States Army), amongst others. Read More ›

Categories: Health Care Reform, Hospitals, Lawsuit, Medicare/Medicaid, Privacy

Posted by: Alexander S. Rusek

  |  Contact Author

Share  | 

Nursing Homes Should Review Privacy Policies in Light of Recent CMS Guidance

A recent Memorandum issued by the Centers for Medicare & Medicaid Services ("CMS") to state survey agency directors (the "Memorandum") discusses a nursing home's responsibility to protect residents' privacy, particularly with regard to social media. The Memorandum was issued following a series of media reports documenting the inappropriate posting of residents' photographs on social media by nursing home staff.  Read More ›

Categories: HIPAA, Medicare/Medicaid, Privacy

Posted by: Julie LaVille Hamlet, Jennifer B. Van Regenmorter

  |  Contact Author

Share  | 

OCR Issues Clarifying Guidance on HIPAA Privacy Rule Regarding Access to Protected Health Information

The Office of Civil Rights (“OCR”) recently issued new guidance (“Guidance”) concerning the right of individuals to access their protected health information (“PHI”) under the HIPAA Privacy Rule. The OCR explained in the Guidance that based on its enforcement experience and recent studies, individuals continue to have difficulty accessing information - even from entities required to comply with the HIPAA Privacy Rule. This is also despite improvements in technology that make access more readily available. Bottom line is that individuals must have access to their PHI and health providers need to be providing such access.

However, the Guidance further clarifies a number of issues, including permissible charges for providing information to patients, security issues, submission of requests for information, and the manner for providing access to information. Read More ›

Categories: HIPAA, News & Events, Privacy

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

HHS Issues HIPAA “Basics” Fact Sheet

The Department of Health and Human Services (“HHS”) recently released a HIPAA overview called “HIPAA Basics for Providers: Privacy, Security, and Breach Notification Rules” (the “Overview”). The Overview is intended to provide HIPAA Covered Entities such as physicians, hospitals, and other health care providers with a basic overview of HIPAA’s rules and responsibilities. The fact sheet also provides an overview to Business Associates (such as law firms and accounting firms who receive protected health information ("PHI") from Covered Entities). The Overview can be found here.

The Overview explains that the HIPAA Privacy Rule protects individually identifiable PHI, which includes information such as an individual’s past, present, or future physical or mental health condition. Read More ›

Categories: HIPAA, News & Events, Privacy, Providers

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

2015 Michigan Health Law Update

On March 12, 2015 Foster Swift Attorney Jennifer Van Regenmorter co-presented the Michigan Health Law Update (“Annual Update”) at the 21^st Annual Health Law Institute. The Annual Update provides an overview of the most significant Michigan-specific health law developments from the past year, many of which have been covered on this blog. This article will summarize the highlights from this year’s Annual Update. Read More ›

Categories: Hospitals, Insurance, Licensing, Medicare/Medicaid, News & Events, Privacy

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

Court Decertifies Class Action Suit against Henry Ford Health System for Data Breach

The Michigan Court of Appeals recently decertified a class action suit against Henry Ford Health System (HFHS) and its subcontractor, a medical transcription service, for inadvertently disclosing sensitive patient information online. On December 18, 2014, a unanimous three-judge panel reversed the trial court’s denial of summary judgment in favor of the defendants. The court held that an invasion of privacy claim requires an intentional act rather than mere negligence and that the plaintiff’s claims for negligence and breach of contract require proof of an actual injury.

The class consisted of 159 patients who visited HFHS between June 3, 2008 and July 18, 2008. The case arose when the defendant subcontractor made a configuration change to its server which left certain patient records unsecured. As a result, Google’s automated web server, “Googlebot,” indexed the information and made it available for users to search online. The information included each patient’s name, date of service, and diagnoses. The unnamed lead plaintiff alleged that her records revealed a sexually transmitted disease.  Read More ›

Categories: Electronic Health Records, Privacy

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

HHS Addresses Treatment of Same-Sex Spouses Under HIPAA

Last month, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued guidance addressing the treatment of same-sex spouses under the HIPAA Privacy Rule in light of the Supreme Court’s decision in United States v. Windsor.

In Windsor, the Supreme Court held Section 3 of the Defense of Marriage Act (“DOMA”) to be unconstitutional. Section 3 of DOMA had excluded same-sex marriages from recognition under federal law.

As a result of the Windsor ruling, legally married same-sex spouses are entitled to additional rights under several federal regulations, one of which is the HIPAA Privacy Rule ("Rule"). The Rule provides certain protections to family members of patients.  In its guidance, OCR clarifies that legally married same-sex spouses are family members for the purposes of the Rule, regardless of where they live.  Read More ›

Categories: HIPAA, Privacy

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

How Technology is Transforming Healthcare

While the healthcare industry has historically been knocked as slow to adapt to emerging technologies, the technological modernization of the industry is now occurring at a furious pace. From the digitization of health care records, to improved means of communications between doctors and patients, technology is transforming healthcare.

Tech behemoths like IBM, as well as scrappy Silicon Valley startups, have recognized the potential and are pouring resources into healthcare IT. According to data from investment company Rock Health, venture capital funding to healthcare information technology companies for 2014 reached $2.3 billion as of mid-year 2014. That's more than 10 times the nearly $200 million that was invested in healthcare IT in 2007.

One of the healthcare industry's newest tech innovations, called Figure 1, is the brainchild of a doctor named Josh Landy. Figure 1 is an Instagram-style app that allows doctors to share photos of patient conditions with other medical professionals in order to get their opinions regarding diagnosis and treatment. Read More ›

Categories: Physicians, Privacy

Posted by: Julie LaVille Hamlet

  |  Contact Author

Share  | 

Hackers Declare War on Health Care and Industry Fights Back

"It's a war we're in." That's how John Halamka, the chief information officer of Boston-based Beth Israel Deaconess Medical Center, described the current state of affairs between the health care industry and the hackers and identity thieves who are trying to steal patient records.

A recent Boston Globe article detailed the threat and provided some interesting - and sobering - statistics and information:

• There is high demand for health records, and a single health record may be worth $50 according to the FBI
• Criminal intrusions into health care systems have risen 100 percent in the past four years
• Of 614 total identity theft breaches in 2013, 269 (43.8 percent) were in health care (the most of any industry)
• Despite being the subject of the most attacks, a recent study by BitSight Technologies found that health care providers are the slowest in any industry to respond to data breaches.

Hackers are motivated to target health records in order to facilitate identity theft, financial fraud and illegal drug use. The Boston Globe article, in particular, highlighted two recent incidents involving cyber-security breaches:  (1) Chinese hackers seized the personal information of 4.5 million patients at a Tennessee-based hospital network, and (2) federal officials disclosed on September 4 that a hacker managed to install malicious software on HealthCare.gov. Read More ›

Categories: Electronic Health Records, Hospitals, Privacy, Providers

Posted by: Nicholas M. Oertel

  |  Contact Author

Share  | 

Cyberattacks on Hospitals – A Growing Epidemic

As hospitals and doctors across the country become more technologically sophisticated and use more and more medical devices that are connected to the Internet in some fashion, they are increasingly being attacked and compromised by sophisticated cyberattacks. Attacks on US hospitals’ medical data – which put patient records and personal information at risk – have more than doubled since 2010, according to a new study by the Ponemon Institute.

In its report, the Ponemon Institute states that 90 percent of health care institution respondents had at least one data breach in the last two years, while 38 percent had more than five data breaches during that same time period. While many of these breaches stemmed from lost or stolen computers, technical glitches, and third-party problems, several were due to criminal attacks. Read More ›

Categories: Criminal, Electronic Health Records, Hospitals, Privacy

Contact Author

Share  |