- Industry News
- Law & Malpractice
- Coding & Documentation
- Practice Management
- Finance
- Technology
- Patient Engagement & Communications
- Billing & Collections
- Staffing & Salary
HIPAA Business Associates and the Risk of Data Security Breaches
The case against LabMD illustrates the dangers of using an unsecure network to share patients' protected health information.
As Jeff Mongelli, CEO of Acentec indicates, "Risk can be a funny thing. With the passage of the Omnibus Rule, many people thought we're now dealing with an updated, consolidated, and relatively concise body of laws and requirements to contend with. In early March, the Federal Trade Commission (FTC) successfully took action against a healthcare laboratory for HIPAA violations they considered to be unfair acts or practices. The Order on LabMD's Motion to Dismiss went on to express the FTC's belief that under Section 5 of the FTC Act, they have jurisdiction in such cases and intend to continue their enforcement activities."
Yet, before the Affordable Care Act and the Omnibus Rule, there was the FTC's 2009 enforcement action against CVS Pharmacy and the 2010 enforcement action against Rite Aide Pharmacy. In both of these cases, the pharmacy corporations (Covered Entities under HIPAA) were penalized for violations of the Privacy and Security Rules in relation to customers' protected health information. The Rite Aide action involved a separate but related action with the U.S. Department of Health and Human Services (HHS). Therefore, the FTC's Order and its analysis is not a surprise.
The FTC substantiated its position by citing the U.S. Supreme Court's interpretations of the Federal Trade Commission Act. "Neither the language nor the history of the [FTC] [A]ct suggests that Congress intended to confine the forbidden methods to fixed and unyielding categories." FTC v. R.F. Keppel & Bro. Inc., 291 U.S. 304, 310 (1934). And, the legislative history, which dates back to 1914, as well as the 1938 Amendments, support the notion that the FTC's enforcement ability over "deceptive acts and practices." Moreover, "The cardinal rule is that repeals by implication are not favored. Where there are two acts upon the same subject, effect should be given to both if possible." Posadas v. Nat'l City Bank of N.Y., 296 U.S. 497, 503 (1936). Therefore, enforcement of HIPAA noncompliance can and has come from a variety of sources.
Asset Protection and Financial Planning
December 6th 2021Asset protection attorney and regular Physicians Practice contributor Ike Devji and Anthony Williams, an investment advisor representative and the founder and president of Mosaic Financial Associates, discuss the impact of COVID-19 on high-earner assets and financial planning, impending tax changes, common asset protection and wealth preservation mistakes high earners make, and more.
How to reduce surprise billing in your practice
November 15th 2021Physicians Practice® spoke with Kristina Hutson, a product line developer at Availity, about surprise billing events in independent healthcare practices and what owners and administrators can do to reduce the likelihood of their occurrence.
