If a relationship with physicians or other referral sources has been structured to carve out Medicare and Medicaid patients to avoid triggering Anti-Kickback Statute requirements, it is time to review the compliance of the relationship.
Does your organization provide substance use treatment services or receive information from a treatment program that identifies an individual as having a substance use disorder? If so, your organization may be subject to 42 C.F.R. Part 2 and may have obligations to amend contractual provisions to maintain compliance.
As we enter 2019, social media is flooded with resolutions for self-improvement. Let us propose a few:
In the wake of the record-setting $16 million settlement and resolution agreement with Anthem, Inc., the Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) released a new version of their Security Risk Assessment tool. The new tool and recent settlement agreement renew OCR's emphasis on the performance of HIPAA Security Risk Assessments by covered entities and their business associates.
When an organization faces a security incident, it is thrown into a complicated analysis of forty-seven state breach notification laws. With the laws based on the residence of the affected consumer, consideration must be given to the variances in the definition of a breach that triggers notification; the content, timing, and manner of notification; additional regulatory, credit agency, or media communications; and potential litigation or enforcement. Thus, the states in which an organization provides goods or services and collects personal information can have a significant impact on obligations following a security incident.