Nurse Faces Suit for Wrongful Death of Jail Inmate Says 10th Circuit Court of Appeals

Headshot of attorney George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

On March 3, 2021, the U.S. 10th Circuit Court of Appeals reversed in part, a Utah court’s decision on a lawsuit for the death of a 21-year-old inmate, affirming that the jail’s doctor could claim qualified immunity, but not the nurse. After the inmate’s death, her estate sued for depriving her of her civil rights. The U.S. district court granted summary judgment in favor of the county. It ruled that qualified immunity applied to shield jail supervisors and staff. However, it denied qualified immunity to jail nurse Jana Clyde and to a private doctor who consulted with the prison, Dr. Kennon Tubbs.

The 10th Circuit appeal panel reversed the lower court’s decision, stating that one doctor can claim qualified immunity. It ruled that the jail’s nurse must face claims of civil rights violations, which are not subject to immunity. Court filings alleged that jail staff, including its nurse, ignored the inmate’s rapidly deteriorating health.

Failure to Secure Medical Treatment Despite Obvious Risks to the Inmate.

In 2016, Madison Jensen, the inmate, allegedly died from opiate withdrawal at the Duchesne County jail in Utah. After the 21-year old inmate was booked, she was allegedly placed in a cell with another woman and almost immediately began vomiting. Her vomiting allegedly continued for five days. The jail’s nurse failed to tell the physician’s assistant or doctor about Jensen’s condition, according to the complaint.

The jail’s video recording system captured the female inmate rolling off her bed and having a seizure. About 30 minutes later, both the nurse and doctor discovered she had died in her cell, the complaint said. The inmate’s cause of death was reported to be cardiac arrhythmia from dehydration due to opiate withdrawal.

Civil Rights Violation Claims.

After the inmate’s death, her estate sued for deprivation of her civil rights. The United States District Court for the District of Utah granted summary judgment for the county and the jail supervisors and staff, based on their qualified immunity. However, it denied qualified immunity to the jail nurse and the contracted doctor. Jensen’s estate claimed the jail nurse had shown deliberate indifference to the inmate’s serious medical needs, as she failed to secure medical treatment despite obvious signs and risks. In response, the nurse argued that she took reasonable steps to provide care and that she wasn’t aware that the inmate faced serious medical needs.

The circuit court judges held that “the unique circumstances of this case” allow the doctor to raise the defense of his qualified immunity. As for the jail nurse, the court said, “a trier of fact could conclude that she did not just misdiagnose Ms. Jensen, she ‘completely refused to fulfill her duty as gatekeeper.’ The nurse showed “near-complete indifference” toward the inmate that “grossly deviated from the standard of care for treating severe dehydration, especially when the result of a failure to treat is death” according to the court’s opinion.

“We believe that these circumstances — particularly her [the inmate’s] self-report that she had been vomiting for four days and could not keep down water — present a risk of harm that would be obvious to a reasonable person,” the court said. To read more, click here for the court’s opinion in full.

This isn’t the first case of an inmate’s family suing after Improper Care. Click here to read about a similar wrongful death suit of a Florida inmate.

Contact Health Law Attorneys Experienced in Representing Health Care Professionals and Providers.

At the Health Law Firm, we provide legal services for all health care providers and professionals. This includes physicians, nurses, nurse practitioners, certified registered nurse anesthetists (CRNAs), dentists, psychologists, psychiatrists, mental health counselors, home health agencies, hospitals, ambulatory surgical centers, pain management clinics, nursing homes, and any other healthcare provider. It also includes medical students, resident physicians, and fellows, as well as medical school professors and clinical staff. We represent health facilities, individuals, groups, and institutions in contracts, sales, mergers, and acquisitions. The lawyers of The Health Law Firm are experienced in complex litigation and both formal and informal administrative hearings. We also represent physicians accused of wrongdoing, patient complaints, and in Department of Health investigations.

To contact The Health Law Firm, please call our office at (407) 331-6620 or toll-free at (888) 331-6620 and visit our website at www.ThehealthLawFirm.com.

Sources:

Gill, Lauren. “UTAH JAIL NURSE FACES NEGLIGENT HOMICIDE CHARGE IN DEATH OF 21-YEAR-OLD WOMAN.” The Appeal. (August 1, 2019). Web.

O’Brian, Rachel. “10th Circ. Says Nurse Must Face Wrongful Death Suit.” Law360. (March 13, 2021). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avene, Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toff-Free: (888) 331-6620.

 

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

Certifying Emotional Support Animals and Protecting Your Professional License, Part 1 of 2

Attorney Amanda I. ForbesBy Amanda I. Forbes, J.D., and George F. Indest III, J.D., M.P.A., LL.M., Board Certified in Health Law

In today’s stress-filed world if you are a mental health counselor or other professional counselor, it is likely that you will encounter a client seeking to obtain an Emotional Support Animal (ESA)
designation letter from you. Providing such a letter may cause you to face complaints, licensing, and disciplinary actions driven by hostile landlords, homeowners associations, and business establishments that do not want any sort of animals on their premises. Often cases wind up in civil litigation. The client may also try to retaliate against you, should the client be the victim of legal problems because of attempting to keep an ESA and not understanding the legal ramifications.

However, you, as an experienced, licensed mental health professional must know what to do and not to do to protect your license and your career.

This is part 1 of 2 in a blog series regarding Emotional Support Animals. Click here for part two. We also intend to do a follow-up blog series on working animals and how they are legally distinguished from ESAs.

Here are some tips to keep in mind should you decide to provide an ESA recommendation letter:

1. You must develop and document a properly established therapist-client relationship with the client prior to writing a recommendation–do whatever you would normally do for any other client seeking your help who walks in the door.

2. Confirm the actual, true identity of the client to be sure you know with whom you are dealing. Request and obtain at least two different forms of photo ID, one including a driver’s license for the equivalent. Check and verify the name and address on the Internet or with directory assistance. (I have a personal rule of thumb: “If you can’t find a person on the Internet, then he is a fake and does not exist”).

3. Obtain the client’s complete mental health history and medical history, requesting and obtaining other treater’s records just as you would do for any other client/patient.

4. If the client has been referred to you by another provider, especially one in a different medical or health specialty, request a written referral documenting the need for the referral to you.

5. Adequately and thoroughly make and document any decision that an ESA will benefit the client and help in treating any mental health symptoms. Be thorough and document it.

6. Assign a code from the Diagnostic and Statistical Manual, ed. 5 (DSM-5 ), to the patient, or obtain one from the patient’s regular treating psychiatrist, psychologist, or mental health therapist.

7. The most important element involved is to show that there is an actual medical necessity for the client to have an ESA or that there will be a therapeutic benefit for the client to have the ESA. If you cannot justify and document this, then do not approve the request.

8. Evaluate the ESA, preferably by an in-person meeting or tele-health conference, and determine that it will benefit the client, be sure to document this evaluation and comment on the weight, height, aggressiveness, and character of the ESA. It is most helpful to have a form the ESA’s veterinarian will complete, sign, and return to you for confirmation of this information and, perhaps, an indication that the animal is suitable in character. Keep this in your record.

9. Thoroughly document the above in your chart on the client.

10. Have a thorough knowledge of your state’s laws and professional licensing board’s regulations concerning ESAs. You might review past disciplinary cases in which counselors have received discipline relating to ESAs in your state.

Warning About Organizations that Target Mental Health Counselors, Psychoanalysts, and Professional Counselors Who Approve Emotional Support Animals.

Those mental health counselors, social workers, professional counselors, and therapists who are involved in the certification or approval of emotional support animals and working animals should be advised that there are a number of organizations and individuals out there who seek out and target those who certify or approve such animals. These organizations and individuals see many cases of abuse and improper certifications being used. They see individuals who appear to have no real medical need for such an animal “purchasing” such certifications. They view them as a merely “privileged” individual who merely buys such certification for their pet just so that can take the pet everywhere and garner attention for themselves.

Sometimes these organizations and individuals even pretend to be a patient seeking certification of an emotional support animal or a working animal. They do often contact counselors using fake names and pretending to be fake patients to see how far the therapist will go without even having a real patient. Then they file a complaint with the therapist’s professional board in an attempt to have disciplinary action taken against their license.

Therefore, it is imperative that you follow the tips mentioned in this article.

Guidance from the American Counseling Association:

The American Counseling Association (ACA) published a position paper titled: Emotional Support Animals-Human Animal Interactions in Counseling Interest Network Position Statement.

In that position paper the ACA stated:

As Licensed Professional Counselors, the assessment of DSM-5 diagnoses for human clients is within the scope of practice; however, the added practices of animal behavior, behavior assessment or Human-Animal Interventions are (most often) not. Emotional Support Animal may, in some specific circumstances, provide benefits to humans to minimize identified symptoms often associated with a DSM 5 diagnoses; however, because of the potential risks and unanticipated outcomes, the HAIC strongly suggests that counselors abstain from writing letters for persons seeking counseling or assessments for the sole purpose of obtaining an ESA recommendation letter.

Click here to read the ACA letter in full.

However, if the counselor already has an existing treating relationship with a client and the counselor is considering writing an ESA recommendation letter, then the ASA recommends:

[T]he counselor must have a thorough knowledge of the local, state, and federal laws and policies surrounding ESAs and appropriate knowledge, skills, and attitudes with the subject of therapeutic human-animal interactions before writing such a letter.

Click here to learn more.

The ACA also cautions:

The ACA’s Code of Ethics C.2.e Consultations on Ethical Obligations includes “taking reasonable steps with other counselors, the ACA Ethics and Professional Standards Department, or related professionals when they have questions regarding their ethical obligations or professional practice.” This may include working with animal trainers, behaviorists, or veterinary behaviorists to ensure that the clinician remains within their scope of practice. Since there is no overarching licensing or accrediting body for this matter, nor are there federal or state mandates at this time, the onus is on the clinician to ensure ethical practice.

https://www.unh.edu/sites/default/files/departments/student_accessibility_services_/aca.final_version_esa14556_002.pdf. (Emphasis added).

Don’t forget to read part 2 in this blog series to learn more.

Contact Health Law Attorneys Experienced Investigations of Mental Health Counselors, Psychologists, Social Workers, and Family Therapists.

The attorneys of The Health Law Firm provide legal representation to mental health counselors, psychologists, social workers, and family therapists in Department of Health (DOH) investigations, FBI investigations and other types of investigations of health professionals and providers. To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

In cases in which the health care professional has professional liability insurance or general liability insurance which provides coverage for such matters, we will seek to obtain coverage by your insurance company and will attempt to have your legal fees and expenses covered by your insurance company. If allowed, we will agree to take an assignment of your insurance policy proceeds in order to be able to submit our bills directly to your insurance company.

We also defend health professionals and health facilities in general litigation matters and business litigation matters.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 or Toll-Free: (888) 331-6620, and visit our website at www.TheHealthLawFirm.com.

GEORGE F. INDEST III, J.D., M.P.A., LL.M.About the Authors: Amanda I. Forbes, practices health law with The Health Law Firm in its Altamonte Springs, Florida, office. George F. Indest III, J.D., M.P.A., LL.M., is Board Certified in Health Law by The Florida Bar and is licensed in Louisiana, Florida, and the District of Columbia. He is President and Managing Partner of The Health Law Firm. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com. The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll Free: (888) 331-6620.

KeyWords: Representation for healthcare professionals, representation for healthcare compliance, representation for healthcare facilities, healthcare facility defense lawyer, healthcare compliance defense attorney, healthcare license defense attorney, Complex Healthcare Litigation, complex healthcare litigation defense lawyer, Complex Business Litigation, Complex Commercial Litigation, Class Action Litigation, medical regulatory defense lawyer, representation for licensed mental health counselors (LMHCs), mental health counselor defense lawyer, licensed professional counselor (LPC) defense attorney lawyer, mental health counselor legal representation, licensed professional counselor (LPC) legal representation, social worker defense lawyer, representation for social workers, social worker defense attorney, social worker complaint cases, Florida Colorado Louisiana mental health counselor complaint cases, defense lawyer for psychologists, Florida health law defense attorney, medical license defense, Florida Department of Health (DOH) attorney, representation for Louisiana and Florida Department of Health (DOH) complaint investigations, Louisiana and Florida Department of Health (DOH) defense lawyer, Colorado Division of Regulatory Agencies (DORA) defense attorney, representation for Florida Colorado Division of Regulatory Agencies (DORA) complaint investigations, Colorado Division of Regulatory Agencies (DORA) defense lawyer, Lousiana LPC Board defense attorney lawyer, Health Law Firm reviews, reviews of The Health Law Firm attorneys, administrative complaint defense lawyer, administrative complaint defense attorney, administrative hearing defense lawyer, administrative hearing defense attorney, administrative hearing defense legal counsel, representation for health care professionals

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

By |2021-02-17T11:20:17-05:00April 16th, 2021|Categories: Nursing Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Finding a NSO Insurance Attorney to Defend You in a Complaint Against Your Nursing Professional License

Attorney George F. Indest IIIBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Many nurses, nurse practitioners, and certified registered nurse anesthetists (CRNAs) carry professional malpractice insurance through the Nurses Service Organization (NSO) or one of the other similar insurance companies. This insurance is inexpensive and provides excellent coverage. What you may not realize, however, is that such insurance provides many added benefits, other than just coverage on nursing liability lawsuits. It will pay for legal defense expenses if there is a complaint filed against your nursing license. It will pay legal expenses for a lawyer to get involved and represent you if you receive a subpoena to testify or provide records. It will cover you if you have a HIPAA complaint or breach of medical privacy complaint filed against you.

Under such policies, the insurance company will pay the legal fees and other costs related to your defense. However, most of the time, you will still be required to locate and retain the appropriate attorney to represent you in the matter.

What to look for when retaining an attorney to defend you.

1. Your primary concern should be to find and retain an attorney who accepts the insurance that you have, whether it is NSO Insurance, CPH & Associates Insurance, Philadelphia Insurance, Trust Management Services, Firemans Fund, or another national company. This will ensure that you have an attorney who will give you the lower rates the insurance company had negotiated and will have a good working relationship established with your insurance company. If an attorney with our firm cannot represent you, we will certainly try to find an attorney who will.

2. Another primary qualification for any attorney you hire to represent you should be his or her experience in working with health professionals in the same field and on similar matters. If the attorney is not familiar with your area of health practice, it may be difficult for that attorney to get up to speed to represent you properly.

3. If you come across an attorney who states that she or he will help you make a statement to the investigator or assist you in the investigation, but does not appear with you in hearings, then this is the wrong attorney. You need an attorney who can represent you from start to finish.

4. Often you will come across an attorney who only wants you to accept a consent order, stipulation, or settlement agreement. Remember that these are all merely “plea bargains” and by signing this type of agreement, you will be pleading guilty to whatever offenses are charged. In most cases, you will probably be innocent of the charges and should request a formal administrative hearing in order to prove this.

5. You also want to retain the services of an attorney who has appeared before your professional board or professional licensing authority in investigations and hearings, especially formal and informal administrative hearings. The lack of familiarity with such investigations and boards can be costly to you.

6. You don’t necessarily need an attorney who is located in your city, county, or state. Almost all the work on the case will be done by telephone and e-mail. You usually have only one meeting or hearing with the investigator or its board and, depending on what type of hearing it is, it could be located in many different locations. Our attorneys will travel to those locations for meetings and hearings.

7. Beware of attorneys who hold themselves out in Internet advertising as health attorneys or professional license defense attorneys but are really some other type of attorney. We see this a lot from medical malpractice attorneys, criminal defense attorneys and attorneys who sue insurance companies. Be sure you get an attorney who concentrates his or her practice in defending nurses with nursing complaints, investigations, and hearings.

8. If you can’t find an attorney to meet your immediate needs through an Internet search, you may contact your insurance company or professional association and ask if they have a list of attorneys that can do the legal work you require. For example, you may reach Nurses Service Organization (NSO) at (800) 247-1500; you can reach CPH & Associates at (800) 875-1911 or (312) 987-9823; you can access a list of professional license defense attorneys who represent nurses online at: https://taana.org/referral/

Contact Health Law Attorneys Experienced in Representing Nurses.

The Health Law Firm’s attorneys routinely represent nurses in Board of Nursing investigations and complaints, DORA investigations and complaints, and Department of Health (DOH) investigations and complaints. We appear before the Board of Nursing in licensing matters and in many other legal matters. We represent nurses across the U.S., not just in Colorado, Florida, Louisiana, Virginia, and Washington, D.C.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 or (970) 416-7456 and visit our website at www.TheHealthLawFirm.com.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

By |2021-02-17T16:11:47-05:00April 13th, 2021|Categories: Health Facilities Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Certifying Emotional Support Animals and Protecting Your Healthcare License, Part 1 of 2

Attorney Amanda I. ForbesBy Amanda I. Forbes, J.D., and George F. Indest III, J.D., M.P.A., LL.M., Board Certified in Health Law

In today’s stress-filed world if you are a mental health counselor or other professional counselor, it is likely that you will encounter a client seeking to obtain an Emotional Support Animal (ESA)
designation letter from you. Providing such a letter may cause you to face complaints, licensing, and disciplinary actions driven by hostile landlords, homeowners associations, and business establishments that do not want any sort of animals on their premises. Often cases wind up in civil litigation. The client may also try to retaliate against you, should the client be the victim of legal problems because of attempting to keep an ESA and not understanding the legal ramifications.

However, you, as an experienced, licensed mental health professional must know what to do and not to do to protect your license and your career.

This is part 1 of 2 in a blog series regarding Emotional Support Animals. Click here for part two. We also intend to do a follow-up blog series on working animals and how they are legally distinguished from ESAs.

Here are some tips to keep in mind should you decide to provide an ESA recommendation letter:

1. You must develop and document a properly established therapist-client relationship with the client prior to writing a recommendation–do whatever you would normally do for any other client seeking your help who walks in the door.

2. Confirm the actual, true identity of the client to be sure you know with whom you are dealing. Request and obtain at least two different forms of photo ID, one including a driver’s license for the equivalent. Check and verify the name and address on the Internet or with directory assistance. (I have a personal rule of thumb: “If you can’t find a person on the Internet, then he is a fake and does not exist”).

3. Obtain the client’s complete mental health history and medical history, requesting and obtaining other treater’s records just as you would do for any other client/patient.

4. If the client has been referred to you by another provider, especially one in a different medical or health specialty, request a written referral documenting the need for the referral to you.

5. Adequately and thoroughly make and document any decision that an ESA will benefit the client and help in treating any mental health symptoms. Be thorough and document it.

6. Assign a code from the Diagnostic and Statistical Manual, ed. 5 (DSM-5 ), to the patient, or obtain one from the patient’s regular treating psychiatrist, psychologist, or mental health therapist.

7. The most important element involved is to show that there is an actual medical necessity for the client to have an ESA or that there will be a therapeutic benefit for the client to have the ESA. If you cannot justify and document this, then do not approve the request.

8. Evaluate the ESA, preferably by an in-person meeting or tele-health conference, and determine that it will benefit the client, be sure to document this evaluation and comment on the weight, height, aggressiveness, and character of the ESA. It is most helpful to have a form the ESA’s veterinarian will complete, sign, and return to you for confirmation of this information and, perhaps, an indication that the animal is suitable in character. Keep this in your record.

9. Thoroughly document the above in your chart on the client.

10. Have a thorough knowledge of your state’s laws and professional licensing board’s regulations concerning ESAs. You might review past disciplinary cases in which counselors have received discipline relating to ESAs in your state.

Warning About Organizations that Target Mental Health Counselors, Psychoanalysts, and Professional Counselors Who Approve Emotional Support Animals.

Those mental health counselors, social workers, professional counselors, and therapists who are involved in the certification or approval of emotional support animals and working animals should be advised that there are a number of organizations and individuals out there who seek out and target those who certify or approve such animals. These organizations and individuals see many cases of abuse and improper certifications being used. They see individuals who appear to have no real medical need for such an animal “purchasing” such certifications. They view them as a merely “privileged” individual who merely buys such certification for their pet just so that can take the pet everywhere and garner attention for themselves.

Sometimes these organizations and individuals even pretend to be a patient seeking certification of an emotional support animal or a working animal. They do often contact counselors using fake names and pretending to be fake patients to see how far the therapist will go without even having a real patient. Then they file a complaint with the therapist’s professional board in an attempt to have disciplinary action taken against their license.

Therefore, it is imperative that you follow the tips mentioned in this article.

Guidance from the American Counseling Association:

The American Counseling Association (ACA) published a position paper titled: Emotional Support Animals-Human Animal Interactions in Counseling Interest Network Position Statement.

In that position paper the ACA stated:

As Licensed Professional Counselors, the assessment of DSM-5 diagnoses for human clients is within the scope of practice; however, the added practices of animal behavior, behavior assessment or Human-Animal Interventions are (most often) not. Emotional Support Animal may, in some specific circumstances, provide benefits to humans to minimize identified symptoms often associated with a DSM 5 diagnoses; however, because of the potential risks and unanticipated outcomes, the HAIC strongly suggests that counselors abstain from writing letters for persons seeking counseling or assessments for the sole purpose of obtaining an ESA recommendation letter.

Click here to read the ACA letter in full.

However, if the counselor already has an existing treating relationship with a client and the counselor is considering writing an ESA recommendation letter, then the ASA recommends:

[T]he counselor must have a thorough knowledge of the local, state, and federal laws and policies surrounding ESAs and appropriate knowledge, skills, and attitudes with the subject of therapeutic human-animal interactions before writing such a letter.

Click here to learn more.

The ACA also cautions:

The ACA’s Code of Ethics C.2.e Consultations on Ethical Obligations includes “taking reasonable steps with other counselors, the ACA Ethics and Professional Standards Department, or related professionals when they have questions regarding their ethical obligations or professional practice.” This may include working with animal trainers, behaviorists, or veterinary behaviorists to ensure that the clinician remains within their scope of practice. Since there is no overarching licensing or accrediting body for this matter, nor are there federal or state mandates at this time, the onus is on the clinician to ensure ethical practice.

https://www.unh.edu/sites/default/files/departments/student_accessibility_services_/aca.final_version_esa14556_002.pdf. (Emphasis added).

Don’t forget to read part 2 in this blog series to learn more.

Contact Health Law Attorneys Experienced Investigations of Mental Health Counselors, Psychologists, Social Workers, and Family Therapists.

The attorneys of The Health Law Firm provide legal representation to mental health counselors, psychologists, social workers, and family therapists in Department of Health (DOH) investigations, FBI investigations and other types of investigations of health professionals and providers. To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

In cases in which the health care professional has professional liability insurance or general liability insurance which provides coverage for such matters, we will seek to obtain coverage by your insurance company and will attempt to have your legal fees and expenses covered by your insurance company. If allowed, we will agree to take an assignment of your insurance policy proceeds in order to be able to submit our bills directly to your insurance company.

We also defend health professionals and health facilities in general litigation matters and business litigation matters.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 or Toll-Free: (888) 331-6620, and visit our website at www.TheHealthLawFirm.com.

GEORGE F. INDEST III, J.D., M.P.A., LL.M.About the Authors: Amanda I. Forbes, practices health law with The Health Law Firm in its Altamonte Springs, Florida, office. George F. Indest III, J.D., M.P.A., LL.M., is Board Certified in Health Law by The Florida Bar and is licensed in Louisiana, Florida, and the District of Columbia. He is President and Managing Partner of The Health Law Firm. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com. The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll Free: (888) 331-6620.

KeyWords: Representation for healthcare professionals, representation for healthcare compliance, representation for healthcare facilities, healthcare facility defense lawyer, healthcare compliance defense attorney, healthcare license defense attorney, Complex Healthcare Litigation, complex healthcare litigation defense lawyer, Complex Business Litigation, Complex Commercial Litigation, Class Action Litigation, medical regulatory defense lawyer, representation for licensed mental health counselors (LMHCs), mental health counselor defense lawyer, licensed professional counselor (LPC) defense attorney lawyer, mental health counselor legal representation, licensed professional counselor (LPC) legal representation, social worker defense lawyer, representation for social workers, social worker defense attorney, social worker complaint cases, Florida Colorado Louisiana mental health counselor complaint cases, defense lawyer for psychologists, Florida health law defense attorney, medical license defense, Florida Department of Health (DOH) attorney, representation for Louisiana and Florida Department of Health (DOH) complaint investigations, Louisiana and Florida Department of Health (DOH) defense lawyer, Colorado Division of Regulatory Agencies (DORA) defense attorney, representation for Florida Colorado Division of Regulatory Agencies (DORA) complaint investigations, Colorado Division of Regulatory Agencies (DORA) defense lawyer, Lousiana LPC Board defense attorney lawyer, Health Law Firm reviews, reviews of The Health Law Firm attorneys, administrative complaint defense lawyer, administrative complaint defense attorney, administrative hearing defense lawyer, administrative hearing defense attorney, administrative hearing defense legal counsel, representation for health care professionals

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2020 The Health Law Firm. All rights reserved.

By |2021-02-17T11:18:52-05:00March 19th, 2021|Categories: Health Facilities Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Finding a NSO Insurance Attorney to Defend You in a Complaint Against Your Nursing License

Attorney George F. Indest IIIBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Many nurses, nurse practitioners, and certified registered nurse anesthetists (CRNAs) carry professional malpractice insurance through the Nurses Service Organization (NSO) or one of the other similar insurance companies. This insurance is inexpensive and provides excellent coverage. What you may not realize, however, is that such insurance provides many added benefits, other than just coverage on nursing liability lawsuits. It will pay for legal defense expenses if there is a complaint filed against your nursing license. It will pay legal expenses for a lawyer to get involved and represent you if you receive a subpoena to testify or provide records. It will cover you if you have a HIPAA complaint or breach of medical privacy complaint filed against you.

Under such policies, the insurance company will pay the legal fees and other costs related to your defense. However, most of the time, you will still be required to locate and retain the appropriate attorney to represent you in the matter.

What to look for when retaining an attorney to defend you.

1. Your primary concern should be to find and retain an attorney who accepts the insurance that you have, whether it is NSO Insurance, CPH & Associates Insurance, Philadelphia Insurance, Trust Management Services, Firemans Fund, or another national company. This will ensure that you have an attorney who will give you the lower rates the insurance company had negotiated and will have a good working relationship established with your insurance company. If an attorney with our firm cannot represent you, we will certainly try to find an attorney who will.

2. Another primary qualification for any attorney you hire to represent you should be his or her experience in working with health professionals in the same field and on similar matters. If the attorney is not familiar with your area of health practice, it may be difficult for that attorney to get up to speed to represent you properly.

3. If you come across an attorney who states that she or he will help you make a statement to the investigator or assist you in the investigation, but does not appear with you in hearings, then this is the wrong attorney. You need an attorney who can represent you from start to finish.

4. Often you will come across an attorney who only wants you to accept a consent order, stipulation, or settlement agreement. Remember that these are all merely “plea bargains” and by signing this type of agreement, you will be pleading guilty to whatever offenses are charged. In most cases, you will probably be innocent of the charges and should request a formal administrative hearing in order to prove this.

5. You also want to retain the services of an attorney who has appeared before your professional board or professional licensing authority in investigations and hearings, especially formal and informal administrative hearings. The lack of familiarity with such investigations and boards can be costly to you.

6. You don’t necessarily need an attorney who is located in your city, county, or state. Almost all the work on the case will be done by telephone and e-mail. You usually have only one meeting or hearing with the investigator or its board and, depending on what type of hearing it is, it could be located in many different locations. Our attorneys will travel to those locations for meetings and hearings.

7. Beware of attorneys who hold themselves out in Internet advertising as health attorneys or professional license defense attorneys but are really some other type of attorney. We see this a lot from medical malpractice attorneys, criminal defense attorneys and attorneys who sue insurance companies. Be sure you get an attorney who concentrates his or her practice in defending nurses with nursing complaints, investigations, and hearings.

8. If you can’t find an attorney to meet your immediate needs through an Internet search, you may contact your insurance company or professional association and ask if they have a list of attorneys that can do the legal work you require. For example, you may reach Nurses Service Organization (NSO) at (800) 247-1500; you can reach CPH & Associates at (800) 875-1911 or (312) 987-9823; you can access a list of professional license defense attorneys who represent nurses online at: https://taana.org/referral/

Contact Health Law Attorneys Experienced in Representing Nurses.

The Health Law Firm’s attorneys routinely represent nurses in Board of Nursing investigations and complaints, DORA investigations and complaints, and Department of Health (DOH) investigations and complaints. We appear before the Board of Nursing in licensing matters and in many other legal matters. We represent nurses across the U.S., not just in Colorado, Florida, Louisiana, Virginia, and Washington, D.C.

To contact The Health Law Firm please call (407) 331-6620 or (850) 439-1001 or (970) 416-7456 and visit our website at www.TheHealthLawFirm.com.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

 

 

By |2021-02-17T16:09:02-05:00February 17th, 2021|Categories: Nursing Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Certifying Emotional Support Animals and Protecting Your License, Part 1 of 2

Attorney Amanda I. ForbesBy Amanda I. Forbes, J.D., and Carole C. Schriefer, J.D.

In today’s stress-filed world if you are a mental health counselor or other professional counselor, it is likely that you will encounter a client seeking to obtain an Emotional Support Animal (ESA)
designation letter from you. Providing such a letter may cause you to face complaints, licensing, and disciplinary actions driven by hostile landlords, homeowners associations, and business establishments that do not want any sort of animals on their premises. Often cases wind up in civil litigation. The client may also try to retaliate against you, should the client be the victim of legal problems because of attempting to keep an ESA and not understanding the legal ramifications.

However, you, as an experienced, licensed mental health professional must know what to do and not to do to protect your license and your career.

This is part 1 of 2 in a blog series regarding Emotional Support Animals. Click here for part two. We also intend to do a follow-up blog series on working animals and how they are legally distinguished from ESAs.

Here are some tips to keep in mind should you decide to provide an ESA recommendation letter:

1. You must develop and document a properly established therapist-client relationship with the client prior to writing a recommendation–do whatever you would normally do for any other client seeking your help who walks in the door.

2. Confirm the actual, true identity of the client to be sure you know with whom you are dealing. Request and obtain at least two different forms of photo ID, one including a driver’s license for the equivalent. Check and verify the name and address on the Internet or with directory assistance. (I have a personal rule of thumb: “If you can’t find a person on the Internet, then he is a fake and does not exist”).

3. Obtain the client’s complete mental health history and medical history, requesting and obtaining other treater’s records just as you would do for any other client/patient.

4. If the client has been referred to you by another provider, especially one in a different medical or health specialty, request a written referral documenting the need for the referral to you.

5. Adequately and thoroughly make and document any decision that an ESA will benefit the client and help in treating any mental health symptoms. Be thorough and document it.

6. Assign a code from the Diagnostic and Statistical Manual, ed. 5 (DSM-5 ), to the patient, or obtain one from the patient’s regular treating psychiatrist, psychologist, or mental health therapist.

7. The most important element involved is to show that there is an actual medical necessity for the client to have an ESA or that there will be a therapeutic benefit for the client to have the ESA. If you cannot justify and document this, then do not approve the request.

8. Evaluate the ESA, preferably by an in-person meeting or tele-health conference, and determine that it will benefit the client, be sure to document this evaluation and comment on the weight, height, aggressiveness, and character of the ESA. It is most helpful to have a form the ESA’s veterinarian will complete, sign, and return to you for confirmation of this information and, perhaps, an indication that the animal is suitable in character. Keep this in your record.

9. Thoroughly document the above in your chart on the client.

10. Have a thorough knowledge of your state’s laws and professional licensing board’s regulations concerning ESAs. You might review past disciplinary cases in which counselors have received discipline relating to ESAs in your state.

Warning About Organizations that Target Mental Health Counselors, Psychoanalysts, and Professional Counselors Who Approve Emotional Support Animals.

Those mental health counselors, social workers, professional counselors, and therapists who are involved in the certification or approval of emotional support animals and working animals should be advised that there are a number of organizations and individuals out there who seek out and target those who certify or approve such animals. These organizations and individuals see many cases of abuse and improper certifications being used. They see individuals who appear to have no real medical need for such an animal “purchasing” such certifications. They view them as a merely “privileged” individual who merely buys such certification for their pet just so that can take the pet everywhere and garner attention for themselves.

Sometimes these organizations and individuals even pretend to be a patient seeking certification of an emotional support animal or a working animal. They do often contact counselors using fake names and pretending to be fake patients to see how far the therapist will go without even having a real patient. Then they file a complaint with the therapist’s professional board in an attempt to have disciplinary action taken against their license.

Therefore, it is imperative that you follow the tips mentioned in this article.

Guidance from the American Counseling Association:

The American Counseling Association (ACA) published a position paper titled: Emotional Support Animals-Human Animal Interactions in Counseling Interest Network Position Statement.

In that position paper the ACA stated:

As Licensed Professional Counselors, the assessment of DSM-5 diagnoses for human clients is within the scope of practice; however, the added practices of animal behavior, behavior assessment or Human-Animal Interventions are (most often) not. Emotional Support Animal may, in some specific circumstances, provide benefits to humans to minimize identified symptoms often associated with a DSM 5 diagnoses; however, because of the potential risks and unanticipated outcomes, the HAIC strongly suggests that counselors abstain from writing letters for persons seeking counseling or assessments for the sole purpose of obtaining an ESA recommendation letter.

Click here to read the ACA letter in full.

However, if the counselor already has an existing treating relationship with a client and the counselor is considering writing an ESA recommendation letter, then the ASA recommends:

[T]he counselor must have a thorough knowledge of the local, state, and federal laws and policies surrounding ESAs and appropriate knowledge, skills, and attitudes with the subject of therapeutic human-animal interactions before writing such a letter.

Click here to learn more.

The ACA also cautions:

The ACA’s Code of Ethics C.2.e Consultations on Ethical Obligations includes “taking reasonable steps with other counselors, the ACA Ethics and Professional Standards Department, or related professionals when they have questions regarding their ethical obligations or professional practice.” This may include working with animal trainers, behaviorists, or veterinary behaviorists to ensure that the clinician remains within their scope of practice. Since there is no overarching licensing or accrediting body for this matter, nor are there federal or state mandates at this time, the onus is on the clinician to ensure ethical practice.

https://www.unh.edu/sites/default/files/departments/student_accessibility_services_/aca.final_version_esa14556_002.pdf. (Emphasis added).

Don’t forget to read part 2 in this blog series to learn more.

Contact Health Law Attorneys Experienced Investigations of Mental Health Counselors, Psychologists, Social Workers, and Family Therapists.

The attorneys of The Health Law Firm provide legal representation to mental health counselors, psychologists, social workers, and family therapists in Department of Health (DOH) investigations, FBI investigations and other types of investigations of health professionals and providers. To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

In cases in which the health care professional has professional liability insurance or general liability insurance which provides coverage for such matters, we will seek to obtain coverage by your insurance company and will attempt to have your legal fees and expenses covered by your insurance company. If allowed, we will agree to take an assignment of your insurance policy proceeds in order to be able to submit our bills directly to your insurance company.

We also defend health professionals and health facilities in general litigation matters and business litigation matters.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 or Toll-Free: (888) 331-6620, and visit our website at www.TheHealthLawFirm.com.

About the Authors: Amanda I. Forbes, practices health law with The Health Law Firm in its Altamonte Springs, Florida, office. Carole C. Schriefer is an attorney and former registered nurse.  Its main office is in Orlando, Florida, area. www.TheHealthLawFirm.com. The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 or Toll Free: (888) 331-6620.

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law Firm. All rights reserved.

By |2021-02-17T11:15:55-05:00February 17th, 2021|Categories: Colorado Health Law Blog|Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , |0 Comments

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

Attorney Carole C. SchrieferBy Carole C. Schriefer, J.D.

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Security Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards,along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: Carole C. Schriefer is an attorney and former registered nurse. She practices with The Health Law Firm, which has a national practice. Its regional office is in the Northern Colorado, area. www.TheHealthLawFirm.com The Health Law Firm, 155 East Boardwalk Drive, Fort Collins, Colorado 80525. Phone: (970) 416-7456 or Toll-Free: (888) 331-6620. Its main office is in the Orlando, Florida area.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Multiple Settlements with HHS for HIPAA Security Rule Violations & Data Breaches

George IndestBy George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

In September 2020, the Department of Health and Human Services (HHS) announced three settlements to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. The settlements, totaling $10.6 million, stem from data breaches in which hackers were able to access and obtain individuals’ protected health information (PHI) from U.S. health providers. Combined, the three hacking incidents compromised the health information of more than 16 million patients.

Summary of the HIPAA Security Rule Settlements.

On September 21, 2020, the Office of Civil Rights, or OCR, the division of HHS which receives and investigates HIPAA complaints, announced a settlement with an orthopedic clinic in Georgia. The clinic agreed to pay $1.5 million after a 2016 hacking incident that compromised over 200,000 patient records. Part of the settlement included a Corrective Action Plan, or CAP, which the clinic agreed to adopt, to help prevent future breaches of privacy. Click here to view the resolution agreement and Corrective Action Plan (CAP).

On September 24, 2020, the OCR publicized a settlement with an information technology (IT) and health information management company. The business agreed to pay $2.3 million to settle claims of systemic security rule violations relating to a 2014 hacking incident impacting the personal health information (PHI) of more than 6 million individuals. Click here to read the settlement agreement.

Days later, the OCR released information about a $6.85 million settlement with Premera Blue Cross, the largest health plan in the Pacific Northwest. The settlement, the second largest to date, related to a 2015 cyber-attack which exposed the health information of more than 10 million individuals. To read the resolution agreement in full, click here.

In regard to these settlements, the OCR alleged that the following security rule violations had occurred:

1. Failure to conduct an adequate and thorough risk analysis;

2. Failure to implement sufficient mechanisms to record and examine system activities;

3. Failure to enter into business associate agreements with vendors with access to electronic protected health information;

4. Failure to implement reasonable security measures to reduce risks and vulnerabilities;

5. Failure to respond to and document a known security incident;

6. Failure to implement technical policies and procedures regarding access; and

7. Failure to implement procedures to regularly review system activity logs and reports.

Readers could use the above as a compliance checklist to make sure their own systems of records are being properly protected.

Consequences of HIPAA Rule Noncompliance.

The HIPAA Security Rule establishes a set of national standards for confidentiality, integrity, and availability of e-PHI. HHS is responsible for administering and enforcing these standards, along with enforcement of the HIPAA Privacy Rule. Therefore, the agency may conduct complaint investigations and compliance reviews. To learn more details about the HIPAA Security Rule, click here.

HHS looks for systems failures, prior breaches, missing risk analyses, or absence of or inadequate HIPAA policies. Without question, any compliance violations will result in an enforcement action. And as these three settlements have demonstrated, enforcement can be costly.

Don’t Wait Until It’s Too Late, Protect Yourself from HIPAA Security Rule Compliance Violations.

Businesses and organizations need to acknowledge the need to act and create a HIPAA security rule compliance plan. Locating existing security policies and the last completed risk analysis is an essential step in compliance. If it’s been over a year, perform or update risk analysis to identify risks or vulnerabilities on all systems that contain any e-PHI. Security rule compliance requires regular attention and detailed records. Take steps now to help protect e-PHI from data breaches, and avoid millions of dollars in settlements or fines.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals, and other healthcare providers and institutions to investigate and defend alleged HIPAA complaints and violations and prepare Corrective Action Plans (CAPs). Our attorneys regularly defend OCR HIPAA audits, defend in HIPAA complaint investigations, assist in preparing a HIPAA Risk Analyses, defend in federal administrative actions and administrative hearing cases, and defend in civil or administrative litigation of HIPAA/breach of medical confidentiality law suits.

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or toll-free (888) 331-6620.

Sources:

Kraus, Anna and Carrier, Tara. “HHS Announces Multiple HIPAA Settlements Related to Data Breaches and the Right of Access Initiative.” Lexology. (October 6, 2020). Web.

Castricone, Dena. “The Crushing Cost Of HIPAA Security Rule Noncompliance.” Law360. (October 1, 2020). Web.

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave. Suite 1000, Altamonte Springs, FL 32714, Phone: (407) 331-6620 Toll-Free: (888) 331-6620.

The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2021 The Health Law

Go to Top