Good News and Bad News for ECFMG & USMLE Applicants: Recent Changes for the USMLE Step Exams

Headshot of attorney George IndestBy George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law

These are some recently announced changes that could significantly impact anyone seeking to take the USMLE Step exams. This could be construed as good news by many and bad news by many others. Regardless, here it is.

Step 1 Exam Changing to Pass/Fail Grade and Score Reporting.

The USMLE announced recently that it would change the scoring and reporting for Step 1 exam scores. Step 1 score reporting will transition to pass/fail only for administrations on or after January 26, 2022. All of the worry about passing with a low score and how that might affect residency choices will be eliminated by this change.

Number of Attempts for Step 1 or Step 2 Exam Limited to Four (4) Lifetime Attempts.

Remember when you had no limit on the number of times you could take a USMLE Step exam? Remember when it was reduced to a maximum of six (6) attempts, not that long ago? Guess what? Not anymore!

Effective July 1, 2021, the number of attempts you can have to pass any USMLE Step exam will change. The change latest change reduces the total number of allowable attempts from six (6) attempts to four (4) attempts for any single Step exam, including any incomplete attempts. This is in effect for all applications submitted on or after July 1, 2021. So now, examinees who have already attempted any USMLE Step exam four (4) or more times and have not passed, will no longer be eligible to apply for the USMLE exams.

Is it possible to obtain an exemption? Depending on your circumstances, we can petition for one, but that does not mean it will be granted.

Step 2-CS Exam Completely Eliminated!!!!

Remember the Test of English as a Foreign Language (TOEFL), also known as “der Teufel” (1), that used to be required for Foreign Medical Graduates (now known as “International Medical Graduates” or “IMGs”)? No? Well, I don’t either.

Remember when the Step 2-CS was easily considered the most difficult exam for a foreign medical graduate to pass. Well, I do remember this!

The Step 2-CS (for “clinical skills”) exam was supposed to address any foreign language problems in practicing in the United States. This became, in my opinion, one of the biggest obstacles to for IMGs becoming licensed in the U.S. It was originally discontinued for approximately a year and a half because of problems caused by the COVID-19 epidemic.

Guess what? It doesn’t exist anymore. Accordingly, the Federation of State Medical Boards (FSMB) and the National Board of Medical Examiners (NBME), co-sponsors of the United States Medical Licensing Examination (USMLE) by the USMLE Secretariat, announced on January 26, 2021, that it was discontinuing the Step 2-CS exam.

I guess the powers that be learned when they eliminated the Step 2-CS during the COVID-19 pandemic in 2020, that it was not so necessary after all. Now it is gone.

“Will it ever return, no it will never return; its fate is still unknown.”(1) There is no expectation that it will ever come back. What do you do now with all of those low score “fails” and lows test score “passes” you previously received on the Step 1 exam and the Step 2-CS? The answer is lost in chaos. We will just have to wait and see.

Major Chinese Medical Schools Disqualified in 2019.

See my next blog on what happened to eight (8) major Chinese medical schools so that their graduates cannot take the Step exams or become licensed in the U.S. anymore. Click here to read about the Chines medical schools.

Endnotes:

(1) German for “the Devil”

(2) Paraphrase of verse from “MTA” [standing for the Boston Metropolitan Transit Authority or subway train] written by Jacqueline Steiner and Bess Lomax Hawes, recorded and made famous by The Kingston Trio in 1959.

(3) Answer to the final question asked at the end of every episode of the Japanese Anime series “Dorohedoro” or “Doro and Doro” (2020) (available on Netflix), about a man named “Caiman” who wakes up one morning with the head of a lizard and amnesia and searches for the reason.

Contact a Health Care Attorney Experienced in the Representation of Medical Students, Interns, Residents and Applicants, Fellows and Those Involved in Graduate Medical Education, and those being challenged by the National Board fo Medical Examiners (NBME), the United States Medical Licensing Examination (USMLE) Secretariat, and the Educational Commission for Foreign Medical Graduates (ECFMG)

The Health Law Firm and its attorneys represent interns, residents, fellows, and medical school students in disputes with their medical schools, supervisors, residency programs, and in dismissal hearings. We have experience representing such individuals and those in graduate medical education programs in various disputes regarding their academic and clinical performance, allegations of substance abuse, failure to complete integral parts training, alleged false or incomplete statements on applications, allegations of impairment (because of abuse or addiction to drugs or alcohol or because of mental or physical issues), because of discrimination due to race, sex, national origin, sexual orientation, and any other matters. We routinely help those who have disputes with the National Board fo Medical Examiners (NBME), the United States Medical Licensing Examination (USMLE) Secretariat, and the Educational Commission for Foreign Medical Graduates (ECFMG), including on hearings and appeals concerning “Irregular Behavior,” “unprofessionalism,” and “Irregular Conduct.”

To contact The Health Law Firm please call (407) 331-6620 or toll-free at (888) 331-6620 and visit our website at www.TheHealthLawFirm.com.

Sources:

“USMLE policy updates following Step 2 CS discontinuation.” United States Medical Licensing Examination Announcements. (July 21, 2021). Web.

About the Author: George F. Indest III, J.D., M.P.A., L.L.M., is Board Certified by The Florida Bar in Health Law; he is the President and Managing Partner of The Health Law Firm. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com. The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

 

 

By |2024-03-14T09:59:11-04:00February 26, 2024|Categories: Health care Law, Medical Education Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on Good News and Bad News for ECFMG & USMLE Applicants: Recent Changes for the USMLE Step Exams
Read More

COVID-19 Burn Out Causing More Resident Physicians to Unionize, Part 2

stethoscope and gavel with the word covid-19 written before it
By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

This is part two of a blog series focusing on the effects of COVID burnout in healthcare professionals. Don’t forget to read part one.


The Problem With Residents’ Working Conditions Existed Long Before the Pandemic.

It’s common for resident physicians to work long hours for relatively low pay. They have little or no ability to determine their schedule and are generally locked into positions for up to seven years. Certainly, medical residents have voiced concerns about their work lives long before the pandemic. Some describe years of grueling schedules, sometimes with 24-hour shifts, including 80-hour workweeks. “Residents were always working crazy hours, then the stress of the pandemic hit them really hard,” John August, a director at Cornell University’s School of Industrial and Labor Relations, is quoted as having said.

To learn more about issues that affect residents and fellow physicians, click here to visit the American Medical Association (AMA) Resident and Fellow Section.


Benefits & Drawbacks of Unionizing.

Medical residents looking to unionize often cite such basics as pay and working conditions as top reasons. For reference, first-year residents earned just under $60,000 on average in 2021, according to a survey done by AAMC.  At 80 hours a week, one could calculate that residents could very well be earning less than the minimum wage, according to the AAMC data.

Those unionizing typically say wages are too low, especially given residents’ workload, student loan debt, and the rising cost of living.

Additionally, some residents say that unions can have upsides for hospitals and can also help enhance patient care. Patients deserve physicians who aren’t exhausted and preoccupied with the stress of finances. “To take good care of others, we need to be able to care for ourselves. We love being residents and caring for patients. But we can’t do that well if we neglect ourselves,” said a University of Vermont Medical Center resident.

On the other hand, residents unionizing is not without its potential drawbacks. For hospitals, money is an issue. Although federal funding helps pay residents’ salaries, most training expenses come from hospitals. In many instances, because of the pandemic, those funds are now depleted, said Janis Orlowski, MD, AAMC chief health care officer.

Some worry that unionizing can undermine the connections between residents and the physicians who train them. Another primary concern for hospitals is the threat of a strike; although rare, it has been decades since the last one. Many residents also worry that unionizing could undermine patients’ and communities’ trust in them.

Happy Residents, Happy Patients.

For some healthcare workers, the COVID-19 pandemic solidified the importance of a union. Residents have been on the front lines of care but were not alwaysmedical residents giving a thumbs up with arms up in the air the first to access PPE or lifesaving vaccines. Others are simply looking for acknowledgment of the sacrifices they’ve made while caring for the country’s most vulnerable patients.

However, one thing remains clear; both sides agree that the goal is to become a good physician and get taken care of in the process.

For more information on residency programs, click here to watch one of our video blogs, and make sure to check out our YouTube page.


Contact Experienced Health Law Attorneys Representing Residents, Fellows, and Medical Students.

The Health Law Firm routinely represents resident physicians, fellows and students, including medical students, dental students, nursing students, pharmacy students, and other healthcare professional students, who have legal problems with their schools or programs. We also represent students, residents, and fellows in investigations, academic probation and suspensions, disciplinary hearings, clinical competence committee (CCC) hearings, and appeals of adverse actions taken against them. The Health Law Firm’s attorneys include those who are board-certified by The Florida Bar in Health Law as well as licensed health professionals who are also attorneys.

To contact The Health Law Firm, please call (407) 331-6620 or Toll-Free (888) 331-6620 and visit our website at www.TheHealthLawFirm.com.

Sources:

Weiner, Stacey. “Thousands of medical residents are unionizing. Here’s what that means for doctors, hospitals, and the patients they serve.” AAMC News. (June 7, 2022). Web.

Kwon, Sarah. “Burned out by COVID and 80-hour workweeks, resident physicians unionize.” Kaiser Health News. (May 27, 2022). Web.

Murphy, Brenden. “Why more resident physicians are looking to unionize.” AMA. (June 28, 2022). Web.

Author HeadshotAbout the Author: George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law is an attorney with The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, Florida 32714, Phone: (407) 331-6620 or Toll-Free: (888) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2022 The Health Law Firm. All rights reserved.

By |2024-03-14T09:59:17-04:00November 11, 2023|Categories: Health care Law, Medical Education Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on COVID-19 Burn Out Causing More Resident Physicians to Unionize, Part 2
Read More

Finding a Nurses Service Organization Insurance Attorney to Defend You in a Complaint Against Your Nursing License

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Many nurses, nurse practitioners and certified registered nurse anesthetists (CRNAs) carry professional malpractice insurance through Nurses Service Organization (NSO) or one of the other similar insurance companies.  This insurance is inexpensive and provides excellent coverage.  What you may not realize, however, is that such insurance provides many added benefits, other than just coverage on nursing liability law suits.  It will pay for legal defense expenses if there is a complaint filed against your nursing license.  It will pay legal expenses for a lwyer to get involved and represent you if you receive a subpoena to testify or provide records.  It will cover you if you have a HIPAA complaint or breach of medical privacy complaint filed against you.

Under such policies, the insurance company will pay the legal fees and other costs related to your defense.  However, most of the times, you will still be required to locate and retain the appropriate attorney to represent you in the matter.


What to look for when retaining an attorney to defend you.

1.    Your primary concern should be to find and retain an attorney who accepts the insurance that you have, whether it is NSO Insurance, CPH & Associates Insurance, Philadelphia Insurance, Trust Management Services, Firemans Fund, or another national company.  This will ensure that you have an attorney who will give you the lower rates the insurance company had negotiated and will have a good working relationship established with your insurance company.  If an attorney with our firm cannot represent you, we will certainly try to find an attorney who will.

2.    Another primary qualification for any attorney you hire to represent you should be his or her experience in working with health professionals in the same field and on similar matters.  If the attorney is not familiar with your area of health practice, it may be difficult for that attorney to get up to speed to represent you properly.

3.    If you come across an attorney who states that she or he will help you make a statement to the investigator or assist you in the investigation, but does not appear with you in hearings, then this is the wrong attorney.  You need an attorney who can represent you from start to finish.

4.    Often you will come across an attorney who only wants you to accept a consent order, stipulation, or settlement agreement.  Remember that these are all merely “plea bargains” and by signing this type of agreement, you will be pleading guilty to whatever offenses are charged.  In most cases, you will probably be innocent of the charges and should request a formal administrative hearing in order to prove this.

5.    You also want to retain the services of an attorney who has appeared before your professional board or professional licensing authority in investigations and hearings, especially formal and informal administrative hearings.  The lack of familiarity with such investigations and boards can be costly to you.

6.    You don’t necessarily need an attorney who is located in your city, county, or state.  Almost all the work on the case will be done by telephone and e-mail.  You usually have only one meeting or hearing with the investigator or its board and, depending on what type of hearing it is, it could be located in many different locations.  Our attorneys will travel to those locations for meetings and hearings.

7.    Beware of attorneys who hold themselves out in Internet advertising as health attorneys or professional license defense attorneys but are really some other type of attorney.  We see this a lot from medical malpractice attorneys, criminal defense attorneys and attorneys who sue insurance companies.  Be sure you get an attorney who concentrates his or her practice in defending nurses with nursing complaints, investigations and hearings.

8.    If you can’t find an attorney to meet your immediate needs through an Internet search, you may contact your insurance company or professional association and ask if they have a list of attorneys that can do the legal work you require.  For example, you may reach Nurses Service Organization (NSO) at (800) 247-1500; you can reach CPH & Associates at (800) 875-1911 or (312) 987-9823; you can access a list of professional license defense attorneys who represent nurses online at:  https://taana.org/referral/




Contact Health Law Attorneys Experienced in Representing Nurses.

The Health Law Firm’s attorneys routinely represent nurses in Board of Nursing investigations and complaints, DORA investigations and complaints, and Department of Health (DOH) investigations and complaints.  We appear before the Board of Nursing in licensing matters and in many other legal matters.  We represent nurses across the U.S., not just in Colorado, Florida, Louisiana, Virginia, and Washington, D.C.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 or (970) 416-7456 and visit our website at www.TheHealthLawFirm.com.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2024 The Health Law Firm. All rights reserved.

By |2024-03-28T11:33:11-04:00June 8, 2021|Categories: Health care Law|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on Finding a Nurses Service Organization Insurance Attorney to Defend You in a Complaint Against Your Nursing License
Read More

Civil and Criminal Enforcement of HIPAA Privacy and Security Regs on the Rise

George Indest Headshot

Attorney George F. Indest III, The Health Law Firm

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Office of Civil Rights (OCR), a division within the U.S. Department of Health and Human Services (HHS), is the federal organization responsible for investigating complaints and enforcing the Privacy and Security Regulations implementing the Health Insurance Portability and Accountability Act, commonly referred to as “HIPAA.”

As the COVID-19 pandemic seems to be leveling off and more employees are going back to the office, and into the field, HIPAA complaint investigations will definitely pick up. Furthermore, criminal prosecutions for violations of HIPAA have recently been on the rise as well.

OCR’s Investigations and Enforcement Actions.

OCR enforces the HIPAA Privacy and Security Regulations in several ways:

The first method it has is the receiving and investigating of HIPAA violation complaints. These can easily be filed online by going to https://www.hhs.gov/hipaa/filing-a-complaint/.

If you receive a notice from the OCR that it is investigating a HIPAA complaint against you, it will request a large number of various documents relating to the matter. It is crucial that you retain the services of an experienced health lawyer to assist you in responding. Often, it will not be necessary to provide all of the documents requested by OCR, if your attorney determines that certain legal grounds exist for avoiding this. Regardless, you should seek legal counsel, anyway, since both criminal and civil sanctions may result.

OCR Also Conducts Compliance Audits.

OCR conducts compliance reviews to determine if covered entities are in compliance. Covered entities include, for example, physicians, medical groups, nurse practitioners (in most cases), psychologists, mental health counselors (in most cases), pharmacists, health clinics (in most cases), assisted living facilities (ALFs), home health agencies (HHAs), hospitals, and many others.

OCR reviews the information that it gathers through its investigation or audit. In some cases, it may determine that the covered entity did not violate the Privacy Regulations or the Security Regulations. However, in the case of the covered entity’s violation, OCR may do any of the following:

Dismissing the matter or taking no further action.

Obtaining the Covered Entity’s agreement for voluntary compliance going forward.

Obtaining corrective action through a corrective action plan (CAP).

Negotiating a resolution agreement (RA).

Assessment of civil penalties (monetary fines).

Referral to the Department of Justice (DOJ) for further investigation and criminal prosecution.

Civil Violations.

In cases of noncompliance where the covered entity does not satisfactorily resolve the matter, OCR may decide to impose civil money penalties (CMPs) on the covered entity. It can then take further administrative or civil litigation action to enforce these if they are not paid.

Civil monetary penalties for HIPAA violations are determined based on a tiered civil penalty structure. The HHS secretary has discretion in determining the amount of the penalty based on the nature and extent of the violation and the nature and extent of the harm resulting from the violation. HHS is prohibited from imposing civil monetary penalties (except in cases of willful neglect) if the violation is corrected within 30 days (this time period may be extended at HHS’s discretion). So it is imperative to retain an attorney and get on top of the situation fast.

The range of penalties for civil violations.

HIPAA violation: Unknowing
Penalty range: $100 – $50,000 per violation, with an annual maximum of $25,000 for repeat violations

HIPAA violation: Reasonable Cause
Penalty range: $1,000 – $50,000 per violation, with an annual maximum of $100,000 for repeat violations

HIPAA violation: Willful neglect but corrected (violation is corrected within the required time period)
Penalty range: $10,000 – $50,000 per violation, with an annual maximum of $250,000 for repeat violations

HIPAA violation: Willful neglect, not promptly corrected (violation is not corrected within the required time period)
Penalty range: $50,000 per violation, with an annual maximum of $1.5 million

Criminal penalties for violations.

In June 2005, DOJ clarified who can be held criminally liable under HIPAA. Its clarification included officers, employees, and other principles of business entities (corporations and companies) that are covered entities, including co-conspirators, aiders, and abettors of the acts.

Criminal violations of HIPAA are investigated and prosecuted by DOJ. As with the civil penalties, there are different criminal penalties based on the level of severity of the criminal violation.

Covered entities and specified other individuals who knowingly obtain or disclose individually identifiable health information, in violation of the Administrative Simplification Regulations to the HIPAA Regulations, face a fine of up to $50,000, as well as imprisonment for up to one (1) year.

Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five (5) years in prison.

Finally, offenses committed with a profit motive, in other words, with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm permit fines of $250,000 and imprisonment up to ten (10) years.

What is a “Covered Entity?”

One thing to remember is that HIPAA and its enforcing regulations only apply to “covered entities” with certain minor exceptions. The following are examples of “covered entities”:

Health plans (e.g., health insurers, HMOs, PPOs)

Health care clearinghouses

Health care providers who transmit claims in electronic form (this will cover almost all health facilities and health professionals)

Medicare prescription drug card sponsors

Individuals such as directors, employees, or officers of a covered entity (where the covered entity is not an individual) may criminally liable under HIPAA per the “corporate criminal liability” theory.

 

Criminal Penalties for HIPAA Violations.

Yes, there are criminal penalties, including prison for up to ten (10) years, possible for HIPAA violations.

To read an earlier blog I wrote on criminal penalties for HIPAA violations, please click here.

What is the Definition of “Knowingly?”

The DOJ interprets the required element of “knowingly” in the criminal liability section of HIPAA as requiring only knowledge of the actions that constitute an offense. Specific knowledge that an action is a violation of HIPAA is not required.

Can a HIPAA Violation Lead to Exclusion from the Medicare Program?

HHS has the authority to exclude from participation in Medicare any covered entity that was not compliant with certain HIPAA Regulations under certain circumstances. Call your healthcare lawyer for details on this.

For information on the effects of exclusion from any government-sponsored healthcare program on a doctor, nurse, dentist, or any other health provider, visit our website’s Health Law Articles and Documents page to view the OIG’s Special Advisory Bulletin.

 

The Administrative Simplification Act Simplifies it All.

The Administrative Simplification Act sought to clarify and simplify parts of HIPAA and increase specific penalties for violations. Title 42, United States Code, Chapter 7, Subchapter XI, Part C (Administrative Simplification Act).

The Administrative Simplification Regulations authorize a fine of up to $50,000, as well as imprisonment up to one year. Offenses committed under false pretenses allow penalties to be increased to a $100,000 fine, with up to five years in prison. Finally, offenses committed with the intent to sell, transfer, or use individually identifiable health information for commercial advantage, personal gain, or malicious harm permits fines of $250,000 and imprisonment for up to 10 years.

Misuse and Disclosure of “Unique Health Identifiers.”

The wrongful use of a unique health identifier can be charged as a violation of 42 U.S.C. § 1320d–6(a)(1) and (b)(1)), the penalty provision of which is set forth in 42 U.S.C. § 1320d–6(b)(1). “Unique health identifier” includes a patient’s name, address, social security number, insurance member ID number, description of health history, and description of the patient’s symptoms.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free: (888) 331-6620.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999. Copyright © 2021 The Health Law Firm. All rights reserved.

By |2024-03-14T09:59:43-04:00April 9, 2021|Categories: Health care Law|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , |Comments Off on Civil and Criminal Enforcement of HIPAA Privacy and Security Regs on the Rise
Read More

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

By |2024-03-14T09:59:44-04:00April 1, 2021|Categories: Health care Law, Pharmacy Law Blog|Tags: , , , , , , , , , , , , , , , , , , |Comments Off on Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches
Read More

Colorado Board of Pharmacy Must Hand Over Patient Identifying Data to DEA

George Indest HeadshotBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
On April 22, 2020, a federal judge ordered the Colorado Board of Pharmacy to give the U.S. Drug Enforcement Administration (DEA) prescription drug monitoring program data on two pharmacies that the DEA is investigating. The data includes patient identifying information of more than 14,000 patients. The state must turn over the data by May 15, 2020, according to the order.

Pharmacy Investigations.

Citing concerns about the two pharmacies’ handling of controlled-substance prescriptions, the DEA issued subpoenas under the Controlled Substances Act in 2019. The DEA requested the information as part of an investigation into whether the two unnamed pharmacies broke the law in dispensing opioids and other drugs.

Clash Over Patient Privacy.

The DEA’s requested information is kept under the state’s Prescription Drug Monitoring Program or PDMP. For controlled-substance prescriptions, Colorado pharmacies and pharmacists are required by state law to report information that includes the names of patients, their doctors, and pharmacies.

Colorado state officials refused to release the data citing patient privacy concerns. The DEA’s “overly broad, undifferentiated demand for access would violate the Fourth Amendment right to privacy guaranteed to more than 14,000 patients whose medical data is at issue,” the state said.

According to the order, the Colorado statute allows the prescription-monitoring data to be disclosed but only to specific recipients including in response to law enforcement subpoenas. However, the state argued that the Colorado statute only applies to a “bona fide investigation of a specific individual.”

To read about a similar case involving a DEA investigation into pharmacy prescription practices, click here to read my prior blog.

The Decision.

U.S. District Judge Raymond P. Moore denied Colorado’s objections to the DEA’s subpoenas for the prescription data including patients’ information such as names, birth dates, and addresses. The judge said the DEA has shown that the requested information is relevant and needed for the ongoing investigation of the two pharmacies, and no warrant is needed to obtain it. The order directs the Colorado Board of Pharmacy and Patty Salazar, Executive Director of the Colorado Department of Regulatory Agencies (DORA) to provide the data to the DEA no later than May 15, 2020.

To read the court’s order in full, click here.

For more information, click here to read the press release issued from the United States Attorney’s Office for the District of Colorado.

States Must Act to Protect the Integrity of Such Programs.

State prescription drug monitoring programs (PDMPs) were sold to pharmacists and physicians based on a promise that they were solely for the purpose of protecting patients from overdoses and preventing “doctor shopping” by dishonest, drug-seeking patients. Inherent in these programs was the promise that they would not be used for the purpose of prosecuting or charging physicians or pharmacists, in criminal proceedings or administrative proceedings, based on their contents. Most of the state laws that authorized the creation of PDMPs specifically forbid their use in such cases. This was required in order to get physicians and state medical societies to buy off on them.

Yet here we are. We see this over and over. the Federal government and federal agencies obtaining copies of these reports from the state and using them as direct evidence against physicians, pharmacists, nurse practitioners, and pharmacies, despite the prohibition of the state statutes.

Moreover, not only does this subvert the purpose behind creating such databases, but then it runs afoul of the Fifth Amendment of the U.S. Constitution and similar provisions of most state constitutions. The doctor or pharmacist is required by law to report the prescriptions to the PDMP, but then the federal agency turns right around and uses it as evidence against the individual who reported it.

The feds take the position: “We do not care why you, the state, authorized it or what its purpose was supposed to be. If we want to take that information and use it for something else, something that was specifically prohibited by the state, then we will do it.”

Until state pharmacy associations and medical associations do something to tighten up the state legislation that created the PDMPs, this situation is not likely to change. The feds will continue to use the state PDMPs to prosecute and to take administrative actions to revoke the DEA registrations of physicians, pharmacists, pharmacies, and other health professionals.

Consult With A Health Law Attorney Experienced in the Representation of Pharmacists and Pharmacies.

We routinely provide legal representation to pharmacists, pharmacies, physicians and other health providers. We defend in state and federal administrative hearings, investigations, and litigation. We represent health professionals in formal and informal administrative hearings. We have a great deal of experience in defending against DEA actions.

The lawyers of The Health Law Firm are experienced in both formal and informal administrative hearings and in representing physicians, physician assistants and other health professionals in investigations and at Board of Pharmacy hearings. Call now or visit our website www.TheHealthLawFirm.com.

Sources:

Zegers, Kelly. “Colo. Must Give DEA Pharmacy Data With Patient Info.” Law360. (April 20, 2020). Web.

Ingold, John. “Why the DEA is suing Colorado’s pharmacy board as part of an opioid investigation.” The Colorado Sun. (November 11, 2019). Web.

Pazanowski, Mary Ann. “Colorado Pharmacy Board Must Give DEA Patient-Identifying Info.” Bloomberg Law. (April 22, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

By |2024-03-14T09:59:47-04:00March 4, 2021|Categories: Health care Law|Tags: , , , , , , , , , , , , , , , |Comments Off on Colorado Board of Pharmacy Must Hand Over Patient Identifying Data to DEA
Read More

10 Biggest Mistakes Dentists Make That Cause DOH Complaints

Attorney George F. Indest IIIBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In representing dentists in complaints against their licenses, we see similar cases over and over again. The dentists could have avoided many Department of Health (DOH) complaints that may wind up before the Board of Dentistry.

These are the ten biggest mistakes we see dentists make, leading to DOH complaints being filed and investigations being opened against them.

1.  Requiring patients to pay an outstanding dental bill before releasing a copy of their dental records. This is prohibited by law. However, the patient can be charged for the copy of the record, up to $1.00 per page for the first 25 pages, ($.25 per page after that), and actual costs of reproduction for other forms of dental records (X-rays, CD’s photographs).

2.  Not having the original patient x-rays or a good digitized copy. Believe it or not, many dentists we have represented either gave their x-rays to the patient or sent them to a subsequent treating dentist. Always release copies (for which you may charge). Always keep the originals. (Not having them when needed). With the expanding use of digital x-rays stored in an electronic dental record, this is not so problematic as it was in the past.

3.  Accepting a new patient who has had more than one other primary dentist within the prior five years (when the patient hasn’t relocated to a new geographical area). Unhappy, disgruntled, unrealistic patients will change dentists often. Identify these patients early and refuse to accept them as your patients or terminate them as patients as soon as you identify them. Closely related to this is accepting or failing to terminate the “disgruntled” patient. If a patient is a chronic complainer or threatens to sue or file a complaint, this is a patient who will, most likely, never be satisfied. Terminate this patient immediately.

4.  Failing to fully inform the patient of possible less-than-desirable outcomes (documenting this in writing, preferably signed by the patient). This includes but is not limited to the fact that there may be subsequent pain or infection, that the bite may be less than perfect and may have to be adjusted, that a bridge or other fixture may not fit correctly and may need to be adjusted, etc.

5.  Failing to have and use appropriate consent forms including, but not limited to:

a.  Refusal of a treatment consent form

b.  Consent for less than optimal dental treatment (to use when a patient refuses to follow dentist’s recommended treatment plan). This is also called “Refusal of Recommended Treatment.”

c.  Root Canal consent form
d.  Tooth Extraction
e.  Endodontic procedures
f.  Dentures and bridges

6.  Failing to refund dental fees when complaining patients demand it. We do not routinely recommend that you refund dental fees based solely on a patient’s demand that you do so. In many cases, the patient will have benefited from the treatment, procedure, or appliance, and should pay for it. However, in many instances, this must be a business decision based on risk management principles. It is always a good idea to weigh the amount in attorney’s fees, time, and aggravation, mental anguish, or increase in insurance premiums that will result if you fail to refund demanded fees. Base your decision on a calculation of how likely it is that a complaint will result.

7.  Failing to have good, legible, comprehensive treatment records on the patient. A documented, comprehensive written treatment plan signed by the patient is mandatory in all cases except emergency cases and specialty consults. This also includes failing to prepare and maintain a periodontal chart on a patient. If you are going to treat and follow a patient for more than an emergency visit or a specialty consultation, you should perform a periodontal exam. Just as important, the Board of Dentistry will expect you to chart this on a periodontal chart.

8.  Failing to document the type of and amount of a drug administered, a sedative used, a compound used, etc. Be sure this is accurately stated in your chart. Be sure this is accurately billed with the correct billing code.

9.  Failing to give patients a copy of their dental chart within a reasonable period of time after requested. (The courts usually define “reasonable” as 14 calendar days or ten business days; however, the Board of Dentistry allows up to 30 days. If you can reasonably provide it earlier, do so, documenting the date.

10.  Producing only part of the complete dental chart to the patient, subsequent treating dentist, or DOH investigator when requested. This has become more problematic as dentists’ convert more and more into electronic dental records. Be sure to print out and produce all treatment plans, histories, physical exams, family history questionnaires, medical history questionnaires, informed consent forms, photographs, treatment plans, x-rays, periodontal charts, progress notes, daily journal entires, bills, correspondence with health insurers or other third-party payers. Also included are prior dentists’ records received, operative reports, or any other documents you have relating to the patient’s treatment.

These are not hard and fast rules. We cannot assure you that you will never receive a DOH complaint, a patient complaint, a grievance, or a lawsuit if you follow them. However, if you follow them, you will probably find your patients happier, your practice calmer and more productive, and your risks of having a complaint filed significantly reduced or eliminated.

Click here to read one of my prior blogs about DOH complaints and investigations.

Contact Health Law Attorneys Experienced with Investigations of Dentists and Health Professionals Today.

The attorneys of The Health Law Firm provide legal representation to dentists, dental hygienists, physicians, nurses, nurse practitioners, CRNAs, pharmacists, psychologists and other health providers in Department of Health (DOH) investigations, Drug Enforcement Administration (DEA) investigations, FBI investigations, Medicare investigations, Medicaid investigations and other types of investigations of health professionals and providers.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or toll-free: (888) 331-6620.

KeyWords: Legal representation for Department of Health (DOH) investigations, legal representation for DOH complaints, licensure defense attorney, DOH defense attorney, representation for DOH cases, DOH complaint representation, representation for dentists, dental law defense attorney, dentist representation, health law defense attorney, legal representation for health care professionals, legal representation for disciplinary actions against your license, legal representation for license revocation, licensure defense attorney, administrative complaint attorney, legal representation for administrative complaints, legal counsel for Board representation, Board of Dentistry representation, Board of Dentistry defense lawyer, The Health Law Firm, health law defense attorney, Florida health law attorney, reviews of The Health Law Firm, The Health Law Firm attorneys review

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999. Copyright © 2021 The Health Law Firm. All rights reserved.

By |2024-03-14T09:59:50-04:00February 17, 2021|Categories: Health care Law|Tags: , , , , , , , , , , , , , , , , , , , , , |Comments Off on 10 Biggest Mistakes Dentists Make That Cause DOH Complaints
Read More
“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A.
The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 2022 The Health Law Firm. All rights reserved.
FacebookInstagramLinkedInTwitterYouTube
Toggle Sliding Bar Area
Go to Top