Monday, April 28, 2014

No Good Deed Goes Unpunished: Think through Labor
Implications when Forming Partnerships with Other Providers

Imagine an accountable care arrangement with two main partners – a health system with three hospitals and a large multi-specialty physician group practice.  Before they partnered in this arrangement, the health system relied on hospital-based imaging units for outpatient scans. The physician group practice, however, has three outpatient diagnostic imaging centers. These large, modern, and convenient centers perform a large number of procedures, which tends to both lower cost and improve quality.

The partners agree that the health system will start referring outpatient scans to the practice’s imaging centers – the whole point of accountable care arrangements, after all, is to align providers to deliver the best outcomes for patients in the most efficient ways possible.

Tuesday, April 22, 2014

A New Reason to Protect
Protected Health Information

Recently, an Indiana jury awarded a plaintiff $1.8 million in damages after a Walgreens pharmacist inappropriately used her position to find and share the plaintiff’s protected health information (“PHI”). [1]

As health care providers know, the Health Insurance Portability and Accountability Act (“HIPAA”) provides both civil and criminal penalties for improper disclosure of medical information but it does not create a state-based private cause of action for violation of its provisions. Thus, when someone’s PHI is inappropriately shared or disclosed by a health care provider, the individual does not have personal legal recourse against the offending party. The recent Indiana case (herein “Walgreens Co.”) illustrates, however, that HIPAA still has a significant role in state court suits alleging negligence and professional liability as it relates to confidentiality.

Thursday, April 3, 2014

A New HIPAA Security Risk Assessment
Tool for Your Compliance Arsenal

On Friday, the U.S. Department of Health and Human Services announced a new security risk assessment (“SRA”) tool for small and medium size healthcare providers.

The downloadable tool (available for free here) is a self-contained, independent application that is available for Windows and iOS platforms.

The SRA works by asking a series of in-depth questions about the provider’s activities and facilities. The “yes” or “no” answer format for each question reveals whether corrective action is needed in a particular area. Additional resources in the SRA help providers understand the risks associated with the use, disclosure and storage of protected health information.