Brennan, Manna & Diamond
Listen. Solve. Empower.
Diversity & Inclusion
Client Alerts, News Articles, Blog Posts, & Multimedia
Everything you need to know about BMD and the industry.
Recent HIPAA Breach Settlements - Lessons Learned
June 19, 2023
According to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), the consequences for providers may include settlements of $30,000 to $240,000. OCR recently released two settlements for improper breaches of protected health information (PHI) that are good examples of the major monetary penalties that can result from common HIPAA mistakes.
The Latest CMS Guidance: HIPAA Edition
June 23, 2022
Daphne Kackloudis, Ashley Watson and Jordan Burdick
HIPAA Business Associate Agreements: Why These Contracts Matter
January 27, 2021
No one loves drafting, reading or negotiating HIPAA Business Associate Agreements (BAAs). Yet many of us need to do so, and some of us do so daily. They are often boring, dense and technical, but BAAs are important from both a legal and a business perspective, and they deserve our attention. Failure to enter a BAA when one is required can constitute a HIPAA violation that results in substantial liability, as demonstrated by certain recent Department of Health & Human Services (HHS) settlements.1 A business associate who makes a disclosure that is not authorized by the applicable BAA or required by law can be subject to civil and, in some cases, criminal penalties. Further, parties are often presented with BAAs that contain onerous one-sided indemnification and other provisions that can be devasting to an organization in the event of a HIPAA breach. The significance of a BAA is often not fully understood by the parties until something goes wrong (e.g., a HIPAA security incident or breach, an Office of Civil Rights (OCR) audit or a fracture in the relationship between the parties) and, at that point, there is limited opportunity to mitigate legal and business risk. Ideally, attention should be given at the commencement of the business associate relationship, when the parties are able, to thoughtfully addressing regulatory requirements, planning and preparing for potential adverse events and appropriately allocating risk among the parties. As with most healthcare regulatory compliance initiatives, a proactive approach with respect to BAAs is preferable. This article provides a broad overview of certain BAA requirements and some practical negotiating tips for the parties involved.
Time to Update Your HIPAA Compliance Plan for Telehealth Policies and Procedures
September 8, 2020
The delivery of healthcare in this country may be forever changed following the COVID-19 pandemic. Providing services through telehealth technologies initially allowed providers to connect with patients in a safe and socially distant manner and helped keep vital hospital beds free for COVID-19 care. Now, while still a safe, socially distant option, telehealth allows patients to access healthcare services in an efficient manner, decreases the likelihood of cancellations, and expands access to services that do not require an in-person encounter (i.e., surgery, procedure, or test). Telehealth is now widely reimbursed by both federal and commercial payors and more provider types are able to provide telehealth services within their licensed scope of practice.
Kevin M. Cripe
CLIENT ALERT: Will Ohio Recognize a Biddle Claim in a Post-HIPAA World?
October 17, 2019
OHIO SUPREME COURT WILL HEAR CASE INVOLVING CLASS ACTION FOR ALLEGED HIPAA VIOLATIONS: Will Ohio Recognize a Biddle Claim in a Post-HIPAA World?
Luke K. Palmer, Esq.
HIPAA Compliance Update
January 20, 2016
HIPAA compliance has been a part of the regulatory landscape of healthcare since the privacy rules became effective in 2003. Since that time, most providers have taken steps to develop their compliance plans, including distributing notices of privacy practices, obtaining authorizations for release of information as needed, and obtaining business associate agreements from third parties.
Scott P. Sandrock
HIPAA Changes Alert – 2009
July 15, 2009
Just when you and your staff are finally getting comfortable with compliance with HIPAA and the Security Standards in your offices, the government has adopted new rules which will require you to make changes to your plans with the first changes to go into effect in September, 2009.
Scott P. Sandrock