Stacy Harper

Partner

T 913.327.5120
F 913.345.0736
sharper@spencerfane.com

Structuring Physician Relationships After Forest Park

If a relationship with physicians or other referral sources has been structured to carve out Medicare and Medicaid patients to avoid triggering Anti-Kickback Statute requirements, it is time to review the compliance of the relationship.

Maintaining Compliance with Substance Use Disorder Information

Does your organization provide substance use treatment services or receive information from a treatment program that identifies an individual as having a substance use disorder?  If so, your organization may be subject to 42 C.F.R. Part 2 and may have obligations to amend contractual provisions to maintain compliance.

Cyber Resolutions for the New Year

As we enter 2019, social media is flooded with resolutions for self-improvement. Let us propose a few:

Updated Tools for Your HIPAA Toolkit: Security Risk Assessment

In the wake of the record-setting $16 million settlement and resolution agreement with Anthem, Inc., the Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) released a new version of their Security Risk Assessment tool. The new tool and recent settlement agreement renew OCR's emphasis on the performance of HIPAA Security Risk Assessments by covered entities and their business associates.

The Data Breach Tide is Shifting Toward Proactive Security Obligations

When an organization faces a security incident, it is thrown into a complicated analysis of forty-seven state breach notification laws.  With the laws based on the residence of the affected consumer, consideration must be given to the variances in the definition of a breach that triggers notification; the content, timing, and manner of notification; additional regulatory, credit agency, or media communications; and potential litigation or enforcement.  Thus, the states in which an organization provides goods or services and collects personal information can have a significant impact on obligations following a security incident.