Oscislawski LLC

Oscislawski LLC Blogs

Latest from Oscislawski LLC

OCR releases 5 new HIPAA settlements all at once Heavy focus on behavioral health providers Sends message to health care industry “patients are entitled to timely access to their own medical information” Yesterday, all at once, OCR announced that it has entered into five new Resolution Agreements — each of them stemming from one or more violations of HIPAA’s right of  access afforded to individuals. There are several interesting observations about these new cases that…
At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.”  The OIG’s proposed counterpart rule implementing changes under the…
WHEN:  Thursday, September 17, 2020 12:00-2:30 p.m. EST. WHERE:  Virtual event on Zoom. Link and access code will be provided upon registration. This event is FREE. NJ CLE Credits Pending Panel One: Balancing Privacy and Public Health Efforts to contain the COVID-19 pandemic can impact privacy rights of patients, those at risk, and the general population.The first panel will include topics addressing: What are the duties of healthcare providers to report patients’ COVID-19 information? How should governments track…
After over almost four months of no new HIPAA Resolution Agreements or Civil Money Penalties, OCR quietly posted two new HIPAA settlement agreements at the end of July.  At first glance, both appear to be “run-of-the-mill” cases with nothing new to learn with the first one resulting in OCR finding that the covered entity failed to complete a basic Security Risk Analysis and train workforce, and the other involved – yet again – a stolen…
Public comment period to FTC’s Health Breach Notification Rule closed August 20, 2020. The CARES Act amendments will require SAMHSA to add Breach Notification provisions to 42 CFR Part 2. Healthcare providers, vendors of PHRs and Part 2 providers and programs will need to keep an eye out for coming regulations which will require updates to Breach Notification P&Ps. Subscribe to HERE to Legal HIE’s compliance library to gain access to sample policies, documents and…
Here is the pertinent information straight from the HealthIT.gov website: Application Due Date:  September 1, 2020 Anticipated Award Date: September 30, 2020 Awardees in the STAR HIE Program (Program) will build upon previous and existing federal investments in health information exchanges (HIEs) and will leverage work done by the industry to advance HIE services for the benefit of public health. The result of these efforts would be improved linkages between public health agencies and the services…
The extended deadline for hospitals to submit their hardship applications for the Medicare Promoting Interoperability Program is approaching.  Hospitals have until September 1 to file for a hardship for the 2019 reporting period and avoid negative payment adjustments in 2021.  Available exceptions include extreme and uncontrollable circumstances, insufficient internet connectivity and use of decertified CEHRT. As a reminder, a new hardship application is required for each reporting period in which a hospital was unable to…
On July 16, the Court of Justice of the European Union (“CJEU”) invalidated the Privacy Shield, one of the primary mechanisms used by U.S. companies to lawfully transfer personal data outside of the European Union under the GDPR. Despite a prior adequacy determination in 2016, the CJEU found that shortcomings in the Privacy Shield, particularly U.S. security and surveillance laws and an ineffective Ombudsperson program, resulted in a failure to provide essentially equivalent protections to…
This past Tuesday the Federal Trade Commission (FTC) hosted its 5th annual PrivacyCon, which I listened to as I traveled back home from a much-needed weekend get-away with my family . . . and I am glad that I did — it was a GREAT event!  The full-day event covered a wide-range of cutting edge and titillating issues concerning the privacy of data in this day and age of rapidly accelerating technology.  However, it was…
A preliminary class action data breach settlement involving Iowa Health System, doing business as UnityPoint Health, should prompt health care organizations to take a second look at their breach insurance coverage as well as their contracts with vendors who process data on their behalf.  As reported by HealthITSecurity, the proposed settlement contains no global cap on allowable monetary relief and credit monitoring services which means UnityPoint Health would be potentially liable to each and…