
Providers should be vigilant about the truthfulness of the claims and statements that are being submitted for remuneration by the government.

Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.

Providers should be vigilant about the truthfulness of the claims and statements that are being submitted for remuneration by the government.

An advisory opinion is only applicable to those requesting it; seek guidance under AKS or ensure safe harbors are met and a goal is to not induce referrals based on volume or value.

Recent attacks encouraged new guidelines from the National Institute for Standards and Technology (NIST).

A few notable items seemingly intersect with the Health Insurance Portability and Accountability Act (HIPAA).

When considering the treatment of minors, as well as the release of the related protected health information, there are considerations not to overlook.

Compliance measures can assist healthcare industry participants avoid potential liability, whether civil or criminal, under the False Claims Act.

Covered entities should be balancing a patient’s right to request his/her medical records or designated record set in a particular electronic format with an unacceptable level of security risk to the covered entity’s systems.

Viewed through the lens of the prosecutor and the government’s expert

In light of a major insurance company recently being hit with ransomware, the importance of protection, detection, and correction cannot be over emphasized.

Technical, administrative, and physical safeguards need to be implemented in accordance with the Security Rule; NIST standards are preferrable.

HHS-OIG items of interest for providers.

Cyberthreats are not going away and cybercriminals are becoming more crafty.

H.R. 7898, signed into law on January 5, 2021, addresses the recognition of security practices and amends the HITECH Act – kind of.


Two recent enforcement actions and answers to a common question of workplace privacy requirements in light of COVID-19.

As 2020 comes to a close, three items related to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH Act”) emerged.

This is Part III in this series and the focus is on the cybersecurity donation Anti-Kickback Statute (“AKS”) safe harbor and Stark Law exception.

In addition to focusing on value-based care, the Stark Law and Anti-kickback Statute (AKS) Final Rules alter several decades of safeguards, as long as certain parameters are met. This is Part II of a three-part series.

Stark and AKS Final Rules focus on value-based care. This is Part I of a three-part series.

2020 has brought on new stressors in every facet of life. Perhaps Thanksgiving can offer a time to reset.

Warnings from government agencies and experts, coupled with recent HHS-OCR settlements, place HIPAA and cybersecurity compliance at the top of one’s “to do” list.

Being small does not equate to being disadvantaged. Here’s how solo providers and small group practice are benefitting during the pandemic.

A trifecta of healthcare cybersecurity issues should cause healthcare industry participants to assess their current environments.

More than 500 individuals affected; five new enforecement actions published.

Two hot-topic developments in cybersecurity and government procurement.

Teleworking and telehealth have opened more doors for cybercriminals due to a lack of technical, administrative, and physical safeguards.

HIPAA settlement and new guidelines shed light on government enforcement policies.

Stay vigilant about schemes and submissions of false claims.

Two recent cases, one settled and one just filed, are illustrative of the effects of class actions, which are filed in relation to an underlying data breach involving PHI.

Two recently unveiled cases provide a glimpse into areas physicians and providers should be evaluating for continued compliance.