Office of Civil Rights (OCR) | The Health Law Firm Blog

Are You Worried About Health Care Compliance Consequences? Have They Gone Too Far?

By Lance O. Leider, J.D., LL.M., The Health Law Firm

From large hospital systems to solo practitioners, there is no escaping health care compliance in the industry. The concept of compliance can spark different thoughts in different people. For example, some believe it is an unnecessary government intrusion and others believe it’s a way to improve the quality and costs of health care.

No matter your thoughts on health care compliance and government oversight, regulation of the health care industry will never be eliminated. In fact, we expect it to increase as more quality-based requirements are implemented.

We believe compliance and regulations are necessary, but we have to wonder if sometimes these laws go too far.

Those Cute Baby Photos Can Cost You.

As an example of laws going too far, photos of cooing newborn babies used to cover the bulletin boards of doctors’ offices. However, under the Health Insurance Portability and Accountability Act (HIPAA), these baby photos are considered protected health information, along the same lines as a medical chart or social security number. A report by The New York Times indicates many offices have removed these types of photos or moved them to private portions of the office. According to the Office for Civil Rights (OCR) Department of Health and Human Services (HHS), doctors’ offices are not allowed to post these photos without a specific written authorization from the parent.

To read more on this topic, click here.

Health Care Compliance Overview.

Health care compliance is the ongoing process of meeting or exceeding the legal, ethical and professional standards applicable to a particular health care organization or provider. Health care compliance requires health care organizations and providers to develop effective processes, policies, and procedures to define appropriate conduct, train the organization’s staff, and then monitor the adherence to the processes, polices and procedures.

Health care compliance covers numerous areas including patient care, billing, reimbursement, managed care contracting, OSHA, and HIPAA privacy and security to new a few.

To read a basic overview of health care compliance for organizations and providers, click here.

How to Deal with Compliance Overkill.

The primary purpose of health care compliance is to improve patient care. It is nearly impossible to overstate the complexity of health care compliance. Health care organizations and providers are not only required to comply with Medicare rules and regulations, but they are also required to comply with numerous other federal and state health care laws, rules and regulations.

When dealing with compliance issues, our recommendation is to use your common sense and best judgment. Fear usually leads to absurd situations. With all the fear and propaganda out there it is important to stick to your instincts and put patient care first.

Health care compliance is cumbersome, many may agree too cumbersome. However, it is here to stay.

Do you think health care compliance has gone too far? How do you try to keep up with health care compliance laws and regulations? Are you worried about compliance consequences?

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Hartocollis, Anemona. “Baby Pictures at the Doctor’s? Cute, Sure, but Illegal.” The New York Times. (August 9, 2014). From: http://www.nytimes.com/2014/08/10/nyregion/baby-pictures-at-doctors-cute-sure-but-illegal.html?_r=0

Kirsch, M.D., Michael. “The Consequences of Zero Tolerance: Why HIPAA is Overkill.” Kevin M.D. (January 1, 2014). From: http://www.kevinmd.com/blog/2014/01/consequences-tolerance-hipaa-overkill.html

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

KeyWords: Health Insurance Portability and Accountability Act (HIPAA), HIPAA Omnibus Rule, HIPAA compliance, HIPAA lawyer, HIPAA compliance attorney, data security lawyer, protected health information (PHI), Patient privacy, U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), patient rights, HIPAA compliance audit, privacy defense attorney, health care compliance lawyer, compliance defense attorney, healthcare compliance defense lawyer, health care defense lawyer, HIPAA attorney, HIPAA lawyer, compliance plans, health law firm, The Health Law Firm, health law defense attorney, health care professional defense attorney, legal representation for healthcare professionals, reviews of The Health Law Firm, The Health Law Firm attorney reviews

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2018 The Health Law Firm. All rights reserved.

By The Health Law Firm|2024-03-14T10:00:21-04:00October 27, 2018|Categories: The Health Law Firm Blog|Tags: compliance defense attorney, compliance plans, data security lawyer, health care compliance lawyer, health care defense lawyer, health care professional defense attorney, Health Insurance Portability and Accountability Act (HIPAA), health law defense attorney, health law firm, healthcare compliance defense lawyer, HIPAA attorney, HIPAA compliance, HIPAA compliance attorney, HIPAA compliance audit, HIPAA lawyer, HIPAA Omnibus Rule, legal representation for healthcare professionals, Office of Civil Rights (OCR), Patient privacy, patient rights, privacy defense attorney, protected health information (PHI), reviews of The Health Law Firm, the health law firm, The Health Law Firm attorney reviews, U.S. Department of Health and Human Services (HHS)|Comments Off

Health Care Professionals Take Note of the New HIPAA Rules

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law, and Lance O. Leider, J.D., The Health Law Firm

With the popularity of electronic health records (EHRs), social media and everything in between, the U.S. Department of Health and Human Services (HHS) has released stronger rules and protections governing patient privacy. On January 17, 2013, the HHS announced the omnibus rule to strengthen the privacy and security protection established under the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Click here to read the entire 563-page rule.

Now, I can’t say that I’ve read the entire document yet, but I can tell you about the major parts of the omnibus rule, and what it means to you.

It is Your Responsibility to Keep Patient Information Safe.

HHS is expanding the government’s jurisdiction over healthcare providers, health plans and other entities that process health insurance claims to include their contractors and subcontractors with whom providers share protected health information. As the industry embraces new care delivery models, including accountable care organizations (ACOs) and integrated delivery systems, data is exchanged between physicians, hospitals and additional providers to improve care and reduce costs. This all has to be done while keeping patient data safe. According to the HHS, some of the largest breaches involve business associates and not the covered entities themselves.

The government is committed to doing more HIPAA compliance audits and collecting more fines. The fines the government collects will help to fund the audit process. Because of this rule, we will see audits of business associates and their subcontractors, not just covered entities.

Under the new rule, penalties have been increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.

The “Wall of Shame” is a Public Display of Breaches.

The changes also improve the Health Information Technology for Economic and Clinical Health (HITECH) breach notification requirements by making it clear when breaches must be reported to the Office for Civil Rights (OCR), according to the HHS.

Once reported to the OCR, the breaches are then placed on what is commonly known in the healthcare industry as the “Wall of Shame.” It’s a comprehensive list of privacy breaches each affecting more than 500 people. We’re currently working on a “Wall of Shame” blog, so more on that later.

Patient Demographics and Marketing.

One part of the final rule also sets new regulations for how patient information can be used for marketing and fundraising. It ensures that such information cannot be sold without a patient’s permission. According to an article in Fierce Healthcare, this provision is a huge win for patient advocates and privacy groups who blast hospitals for mining patient data to target affluent or privately insured patients. Hospitals using health and demographic data from patients’ records to target advertising could be in hot water.

Click here to read the entire Fierce Healthcare article.

If Your are Unsure, Get a HIPAA Risk Assessment.

Since the HIPAA laws have changed, you need to edit your privacy forms and procedures. Many health providers simply don’t have the time to re-review their policies and revise documents. A HIPAA risk assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. Federal regulations require that covered entities have this assessment done. A HIPAA risk assessment can significantly reduce, if not entirely eliminate, your exposure to regulatory and litigation sanctions.

When the OCR auditor comes to visit your office to check for HIPAA compliance, they will ask for your risk assessment. Do you have one? Does your staff know who your HIPAA compliance officer is? Call an experienced health law attorney to complete a risk assessment of your practice today. To learn more on HIPAA risk assessments, click here to read a blog we wrote.

Take a Closer Look at Your Privacy Practices.

Healthcare providers, now is the time to revise your Notice of Privacy. The final rule will be effective on March 26, 2013. Covered entities and their business associates will have until September 21, 2013, to comply.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sound Off.

What do you think about the new HIPAA rules? Do you think these updates were necessary? Do you think it will be difficult for health professionals to comply? Please leave any thoughtful comments below.

Sources:

HHS Press Office. “New Rule Protects Patient Privacy, Secures Health Information.” U.S. Department of Health and Human Services. (January 17, 2013). From: http://www.hhs.gov/news/press/2013pres/01/20130117b.html

Struck, Kathleen. “HIPAA Rules Fortify Patient Privacy.” MedPage Today. (January 21, 2013). From: http://www.medpagetoday.com/PracticeManagement/InformationTechnology/36940

Conn, Joseph. “New Rule: Hospital, Physician Partners Face Penalties for Privacy Leaks.” Modern Healthcare. (January 17, 2013). From: http://www.modernhealthcare.com/article/20130117/NEWS/301179957/new-rule-hospital-physician-partners-face-penalties-for-privacy&utm_source=home&utm_medium=web&utm_campaign=most-popular-box

Caramenico, Alicia. “New HIPAA Rule a Delicate Balance Between Privacy, Sharing.” Fierce Healthcare. (January 18, 2013). From: http://www.fiercehealthcare.com/story/new-hipaa-rule-delicate-balance-between-privacy-sharing/2013-01-18

Authors: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

Affinity Health Plan Settles with Government in Photocopier HIPAA Breach Incident Involving Patient Medical Information

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The U.S. Department of Health and Humans Services (HHS) Office of Civil Rights (OCR), and Affinity Health Plan, Inc. (Affinity), reached a settlement for more than $1.2 million for potential violations of the Health Insurance Portability and Accountability Act (HIPAA). The alleged violations related to a photocopier previously leased by Affinity. The photocopier had an internal hard drive which stored copies of documents, including medical records, which had been photocopied by Afinity. The photocopier was returned to the leasing company and then later purchased from that same company by CBS Evening News. Apparently CBS Evening News then discovered the medical records on the photocopier hard drive.

According to the HHS, Affinity filed a breach report with the HHS OCR on April 15, 2010. This is required under the Health Information Technology for Economic and Clinical Health (HITECH) Act.

To read the entire press release from the HHS, click here.

Affinity is a not-for-profit managed care plan serving the New York metropolitan area.

Alleged Violations Stemmed from Failing to Clear Photocopier Hard Drive.

Affinity was allegedly informed by a representative of CBS Evening News, that as part of an investigation, CBS purchased a photocopier previously leased by Affinity. CBS allegedly informed Affinity that the photocopier still contained medical information on its hard drive. The OCR estimated that up to 344,579 individuals may have been affected by the breach. The OCR’s investigation found that Affinity impermissibly disclosed the protected health information of these individuals when it returned multiple photocopiers to leasing agents without deleting the data stored on the hard drives.

Affinity Must Try to Retrieve All Hard Drives in Previously Used Photocopiers.

According to HealthIT Security, on top of the $1,215,780 payment, Affinity must also try to recover all its previously used photocopiers that are still in the custody of the leasing company. Affinity must also conduct a risk analysis of its electronic protected health information for security risks and vulnerabilities.

Click here to read the article from HealthIT Security.

Warning to HIPAA Covered Entities Regarding Risk Assessments.

This settlement is an important reminder about equipment designed to retain electronic information. HIPAA covered entities are responsible for making sure all personal information is wiped from the hardware before it is recycled, thrown away or sent back to a leasing agent. Entities are also required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have safeguards in place to protect this information.

HIPAA laws have most likely changed since you last edited your privacy forms and procedures. Many health providers simply do not have the time to re-review their policies and revise documents. In a perfect practice, this would be done every six months.

To learn more on HIPAA risk assessments, click here.

Be Sensitive to Technical Equipment Containing Internal Memory.

In today’s technological society everyone must be continually vigilant about the machines and equipment used. Many different types of devices now contain internal memory chips and hard drives that may store data that is difficult to erase. These may include, for example, photocopiers, scanners and fax machines, in addition to computers and servers. Security videos and communications monitoring systems may also maintain such information. Backup tapes and modern cell phones are other possible examples. These should be professionally cleaned of all data or destroyed before discarding them.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What do you think of this settlement? Does your office and/or practice have an annual security risk assessment? Do you think risk analyses are important? Please leave any thoughtful comments below.

Sources:

Office of Civil Rights. “HHS Settles with Health Plan in Photocopier Breach Case.” U.S. Department of Health and Human Services. (August 14, 2013). From: http://www.hhs.gov/news/press/2013pres/08/20130814a.html

Ouellette, Patrick. “OCR, Affinity Health Plan Reach HIPAA Violation Agreement.” HealthIT Security. (August 14, 2013). From: http://healthitsecurity.com/2013/08/14/ocr-affinity-health-plan-reach-hipaa-violation-agreement

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

Two Laptops Containing Information of 729,000 Patients Stolen from California Hospital Group

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The personal health information of around 729,000 patients has been compromised following the theft of two laptops. The password-protected computers were taken from an administration building of AHMC Healthcare Inc., a hospital group in Alhambra, California. According to the Los Angeles Times, the laptops contain data from patients treated at six different AHMC Healthcare hospitals. Surveillance video shows that the theft occurred on October 12, 2013, but hospital officials did not discover the laptops were missing until two days later.

To read the article from the Los Angeles Times, click here.

Laptops Contain Patient Information, But No Evidence Information Has Been Hacked.

According to the hospital group, the laptops contain data including patients’ names, Medicare/insurance identification numbers, diagnosis/procedure codes, and insurance/patient payment records. Some of the files allegedly contain the Social Security numbers of Medicare patients.

So far, there is no evidence the information has been accessed or used, according to the CBS affiliate in Los Angeles. Click here to read the article from the CBS affiliate.

However, given that this just occurred a few days ago, it is probably too early to tell, anyway.

Breach Must Be Reported to the Department of Health and Human Services.

Hospitals are required, under federal law, to report potential medical data breaches involving more than 500 people to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). The OCR is responsible for investigating all allegation of violations of HIPAA Privacy and Security Regulations.

According to the Los Angeles Times, AHMC Healthcare has already asked for an auditing firm to perform a security risk assessment. Hospital administrators are also expediting a policy to encrypt all laptops.

HIPAA Omnibus Final Rule Effective September 23, 2013–Get a Risk Assessment.

The HIPAA Omnibus Final Rule went into effect on September 23, 2013. By now, hospitals, physicians and all covered entities must comply with the HIPAA Omnibus Final Rule. The amendments to the rule are available on the HHS OCR website. I previously wrote a blog series about the HIPAA Omnibus Final Rule. Click here for part one, click here for part two and here for part three.

Covered entities should be performing HIPAA risk assessments to identify their security risks and implement protections before a data breach occurs. HIPAA has always required covered entities to perform HIPAA risk assessments. Very often, the first question the OCR asks when investigating a possible HIPAA violation is what risk assessment the health care provider has performed.

The objectives of an adequate HIPAA risk analysis are:

1. Identify the scope of the analysis – the analysis should include all the risks and vulnerabilities to the confidentiality, availability and integrity of all electronic health information regardless of its location.
2. Gather data – the covered entity must identify every location where electronic data is stored.
3. Identify and document potential threats and vulnerabilities – the covered entity should consider natural threats, human threats and environmental threats.
4. Assess current security measures – the covered entity must examine and assess the effectiveness of its current measures.
5. Determine the likelihood of threat occurrence – the covered entity should evaluate each potential threat and prioritize its plan to address each threat.
6. Determine the potential impact of threat occurrence – the covered entity should assess the possible outcomes of each identified threat such as unauthorized disclosure of confidential information.
7. Determine the level of risk – the covered entity should categorize each risk and plan its procedures to mitigate any damage cause by each risk.
8. Identify security measures and finalize documentation – the covered entity should thoroughly document all the steps it used in its risk assessment process.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What do you think if this alleged HIPAA violation? Do you have policies and procedures in place to protect your patients’ right to privacy? Have you received a HIPAA risk assessment lately? Please leave any thoughtful comments below.

Sources:

Winton, Richard. “Laptop Thefts Compromise 729,000 Hospital Patient Files.” Los Angeles Times. (October 21, 2013). From: http://www.latimes.com/local/la-me-hospital-theft-20131022,0,1936078.story#axzz2iRg6Rh3Y

Los Angeles CBS. “Laptops Containing Patient Information Stolen from Alhambra Hospital.” Los Angeles CBS. (October 22, 2013). From: http://losangeles.cbslocal.com/2013/10/22/laptops-containing-patient-information-stolen-from-alhambra-hospital/

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.

By The Health Law Firm|2024-03-14T10:00:52-04:00June 1, 2018|Categories: HIPAA, Hitech Act, The Health Law Firm Blog|Tags: corrective action plan (CAP), data security, defense attorney, defense lawyer, florida health attorney, Florida health lawyer, Health Insurance Portability and Accountability Act (HIPAA), HIPAA attorney, HIPAA compliance, HIPAA compliance audit, HIPAA lawyer, HIPAA Omnibus Final Rule, HIPAA risk assessment, medical history, medical records, Office of Civil Rights (OCR), Omnibus Rule, Omnibus rule compliance deadline, Patient privacy, patient records, protected health information (PHI), the health law firm, U.S. Department of Health and Human Services (HHS)|Comments Off

Dermatology Practice Settles with Government After Stolen USB Drive Results in HIPAA Breach

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and Adult & Pediatric Dermatology (APDerm), reached a $150,000 settlement for privacy and security violations of the Health Insurance Portability and Accountability Act (HIPAA). The alleged violations related to an unencrypted USB drive that was stolen. The thumb drive contained the protected health information (PHI) of around 2,200 patients, according to a press release posted December 26, 2013, on the HHS website.

According to the HHS, this is the first settlement with a covered entity for not having policies and procedures in place to address the breach notification provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

To read the entire press release from the HHS, click here.

APDerm delivers dermatology services to patients in Massachusetts and New Hampshire.

Alleged Violations Stemmed from Stolen, Unencrypted USB Drive.

According to the HHS, the OCR initiated its investigation after being tipped off that an unencrypted thumb drive containing the PHI of about 2,200 patients was stolen from a vehicle of an APDerm staff member. According to Healthcare IT News the thumb drive was never recovered.

The investigation allegedly revealed that APDerm had not conducted an accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of PHI as part of it security management process. It’s also alleged that APDerm failed to fully comply with the HITECH Breach Notification Rule, which requires organizations to have written policies and procedures in place and to train staff members.

According to Healthcare IT News, the settlement also includes a corrective action plan (CAP). The CAP requires the dermatology company to develop a risk analysis and risk management plan to address and mitigate any security risks and vulnerabilities. Click here to read the entire article on Healthcare IT News.

Warning to HIPAA Covered Entities Regarding Risk Assessments.

This settlement is an important reminder about equipment designed to retain electronic information. HIPAA covered entities are responsible for making sure all personal information is protected. Entities are also required to undertake a careful risk analysis to understand the threats and vulnerabilities to individuals’ data, and have safeguards in place to protect this information.

HIPAA laws have most likely changed since you last edited your privacy forms and procedures. Many health providers simply do not have the time to re-review their policies and revise documents. In a perfect practice, this would be done every six months.

To learn more on HIPAA risk assessments, click here.

Be Sensitive to Technical Equipment Containing Internal Memory.

In today’s technological society everyone must be continually vigilant about the machines and equipment used. Many different types of devices now contain internal memory chips and hard drives that may store data that is difficult to erase. These may include photocopiers, scanners and fax machines, in addition to computers and servers. Security videos and communications monitoring systems may also maintain such information. Backup tapes and modern cell phones are other possible examples. These should be professionally cleaned of all data or destroyed before discarding them, selling them or trading them in on newer models.

To read a previous blog on Affinity Health Plan settling with government in photocopier HIPAA breach incident, click here.

Practical Tips.

The following are some lessons learned from this case. Share them with others in your organization:

1. Ensure that all types of electronic media by which you transfer patient health information of any kind are encrypted. This includes thumb drives, CD ROMs, DVDs, backup tapes, mini hard drives and anything else.
2. Try not to remove any patient information from your work cite. If you need to work on it remotely, use a secure, encrypted internet connection to access your work data base. Avoid saving the work or data onto your laptop hard drive or other removable media.
3. Never leave your laptop or other media in a car you are having worked on by a mechanic, having an oil change, having the car washed, or while you run into a store. Thieves stake out such locations and are waiting for careless individuals to do this.
4. Never leave your laptop, thumb drive or other electronic media from work in your car. What can be worse than having your car stolen? Having your car stolen with your laptop in it with patient information on it.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

What do you think of this settlement? Does your office and/or practice have an annual security risk assessment? Do you think risk analyses are important? Please leave any thoughtful comments below.

Sources:

Millard, Mike. “Lost Thumb Drive Leads to $150K Fine.” Healthcare IT News. (December 30, 2013). From: http://www.healthcareitnews.com/news/lost-thumb-drive-leads-150k-fine

U.S. Department of Health and Human Services “Dermatology Practice Settles Potential HIPAA Violations.” HHS.gov. (December 26, 2013). From: http://www.hhs.gov/news/press/2013pres/12/20131226a.html

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

By The Health Law Firm|2024-03-14T10:00:54-04:00June 1, 2018|Categories: HIPAA, Hitech Act, The Health Law Firm Blog|Tags: corrective action plan (CAP), data security, defense attorney, defense lawyer, Health Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA), health law firm, HIPAA attorney, HIPAA compliance, HIPAA compliance audit, HIPAA lawyer, HIPAA risk assessment, medical history, medical records, Office of Civil Rights (OCR), Omnibus Rule, Omnibus rule compliance deadline, Patient privacy, patient records, privacy, protected health information (PHI), the health law firm, U.S. Department of Health and Human Services (HHS)|Comments Off

Data Breach at Colorado Hospital Highlights IT Security Risks

By Lance O. Leider, J.D., The Health Law Firm

A small rural hospital in Glenwood Springs, Colorado, has identified a virus on its computer network that had captured and stored screen shots of protected health information in a hidden file system. The hidden folder was created on Sept. 23, 2013, but was not discovered until Jan. 23, 2014. The breach identified at least 5,400 individual patients whose information was compromised.

According to Healthcare IT News, among the stolen data was patient names, addresses, dates of birth, telephone numbers, Social Security numbers, credit card information, and admission and discharge dates.

Hospital officials have been unable to determine how the virus was loaded onto the hospital network, according to Healthcare IT News. Consequently, officials believe that there is “very high” probability that the data had been accessed by an outside entity.

To read the entire article from Healthcare IT News, click here.

Take Steps to Secure Your Network.

Breaches of this kind are not solely confined to hospitals and large providers. In fact, it may be that this hospital was targeted because it was a smaller provider in a rural area with easier access to its systems.

Viruses like the one in question could be loaded onto systems as a result of an outside attack (think hackers) or through inside means like a flash drive or deliberately opening an infected e-mail.

It is imperative that a Health Insurance Portability and Accountability Act (HIPAA) covered entity have an effective cyber security plan. Make sure that you have up-to-date anti-virus software and that your computers are secure from access by unauthorized personnel like cleaning crews or patients and their families. Also, meet with your IT professional to discuss security measures you can put in place such as restricting access and accessibility to certain files or the ability to download programs and applications to essential staff only.

Hacked data represents a growing share of HIPAA breaches. It is imperative that covered entities ensure their compliance with HIPAA to avoid any sanctions by the Office for Civil Rights (OCR). To date, the OCR has collected in excess of $18 million in fines and penalties for failures to secure patient information.

Get a Risk Assessment.

A HIPAA Risk Assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. Federal regulations require that covered entities have this assessment done. When the OCR auditor comes to visit your office to check for HIPAA compliance, they will ask for your Risk Assessment. Do you have one? Does your staff know who your HIPAA compliance officer is? To learn more on HIPAA risk assessments, click here.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs), please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

Do you think it is likely that this hospital was targeted because it was a smaller provider in a rural area? Do you think a HIPAA risk assessment could have helped this practice avoid a breach? Please leave any thoughtful comments below.

Sources:

Harvey, Nelson. “Hospital Database Hacked, Patient Info Vulnerable.” Aspen Daily News. (March 15, 2014). From: http://www.aspendailynews.com/section/home/161578

McCann, Erin. “Small-Town Hospital Gets Hacked.” Healthcare IT News. (March 17, 2014). From: http://www.healthcareitnews.com/news/small-town-hospital-gets-hacked

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

By The Health Law Firm|2024-03-14T10:00:55-04:00June 1, 2018|Categories: HIPAA, Hitech Act, In the Know, The Health Law Firm Blog|Tags: data security, defense attorney, defense lawyer, Health Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA), health law firm, HIPAA attorney, HIPAA compliance, HIPAA compliance audit, HIPAA lawyer, HIPAA risk assessment, medical history, medical records, Office of Civil Rights (OCR), Omnibus Rule, Omnibus rule compliance deadline, Patient privacy, patient records, privacy, protected health information (PHI), the health law firm, U.S. Department of Health and Human Services (HHS)|Comments Off

HIPAA Fines, Mobile Devices and Risk Assessments: Follow the Steps or Pay the Price

By Lance O. Leider, J.D., The Health Law Firm

Two separate entities have agreed to pay the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) $1,975,220 in fines collectively. The settlements resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules involving stolen, unencrypted laptops. These two actions shine a light on the significant risk unencrypted laptops and other mobile devices pose to the security of patient information.

To read the press release from the HHS OCR, published on April 22, 2014, click here.

Concentra Received Risk Assessments, But Did Not Act on Findings.

According to the OCR, an investigation of Concentra Health Services, a subsidiary of Humana, was conducted after a laptop was stolen from a Missouri physician therapy center. This investigation revealed that Concentra had previously received multiple risk analyses that stated the company lacked encryption on its laptops, desktop computers, medical equipment, tablets and other devices containing electronic protected health information. Concentra’s efforts to remedy the risk were incomplete and inconsistent, leaving patients’ health information vulnerable. Concentra agreed to pay $1,725,220 to settle potential security violations and adopt a corrective action plan.

QCA Investigation.

The QCA Health Plan, Inc., investigation began in February 2012, after an unencrypted laptop containing the medical records of 148 individuals was stolen from an employee’s car. The investigation revealed that QCA failed to comply with multiple requirements of the HIPAA privacy and security rules. According to Modern Healthcare, the company is required to pay $250,000, as well as provide HHS with an updated risk analysis and corresponding risk-management plan.

Click here to read the entire article from Modern Healthcare.

Encrypt Laptops and Other Equipment or Pay the Price.

Encryption is one of your best defenses against incidents. These two settlements highlight the need for all entities to encrypt their laptops and other devices. Failing to do so may put that entity at risk for paying a large fine to the OCR and possible fines for state law violations.

HIPAA-covered entities are responsible for making sure all personal information is protected.

The following are some practical tips to use when handling protected health information. Share them with others in your organization:

1. Ensure that all types of electronic media by which you transfer patient health information of any kind are encrypted. This includes thumb drives, CD ROMs, DVDs, backup tapes, mini hard drives and anything else.
2. Try not to remove any patient information from your work site. If you need to work on it remotely, use a secure, encrypted internet connection to access your work database. Avoid saving the work or data onto your laptop hard drive or other removable media.
3. Never leave your laptop or other media in a car you are having worked on by a mechanic, having an oil change, having the car washed, or while you run into a store. Thieves stake out such locations and are waiting for careless individuals to do this.
4. Never leave your laptop, thumb drive or other electronic media from work in your car. What can be worse than having your car stolen? Having your car stolen with your laptop in it with patient information on it.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Comments?

Are the laptops and other mobile devices at your practice encrypted? Does your practice regularly perform HIPAA risk assessments? Please leave any thoughtful comments below.

Sources:

Conn, Joseph. “Unencrypted-Laptop Thefts at Center of Recent HIPAA Settlements.” Modern Healthcare. (April 23, 2014). From: http://www.modernhealthcare.com/article/20140423/NEWS/304239945/unencrypted-laptop-thefts-at-center-of-recent-hipaa-settlements

U.S. Department of Health and Human Services Press Office. “Stolen Laptops Lead to Important HIPAA Settlements.” U.S. Department of Health and Human Services. (April 22, 2014). From: http://www.hhs.gov/news/press/2014pres/04/20140422b.html

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2014 The Health Law Firm. All rights reserved.

By The Health Law Firm|2024-03-14T10:00:56-04:00June 1, 2018|Categories: HIPAA, Hitech Act, The Health Law Firm Blog|Tags: corrective action plan (CAP), data security, defense attorney, defense lawyer, encrypted laptop, Health Information Technology for Economic and Clinical Health (HITECH) Act, Health Insurance Portability and Accountability Act (HIPAA), health law firm, HIPAA attorney, HIPAA compliance, HIPAA compliance audit, HIPAA lawyer, HIPAA risk assessment, HIPAA violation, medical history, medical records, Office of Civil Rights (OCR), Omnibus Rule, Omnibus rule compliance deadline, Patient privacy, patient records, privacy, protected health information (PHI), the health law firm, U.S. Department of Health and Human Services (HHS)|Comments Off

Nationwide Telephone Scam: Phony DEA Agents Extorting Money from Victims

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Drug Enforcement Administration (DEA) is warning the public to be aware of a prescription drug scam. This telephone scheme is extorting money from people all over the country. On November 28, 2012, the DEA released a press release explaining the details of the scam.

Do Not Wire Money to Phony DEA Agents.

The scam starts with criminals posing as DEA agents calling victims by telephone. Frequently the victims will have recently purchased prescription drugs over the internet or by phone. The imposters tell the victims that purchasing the drugs in that manner is illegal, and that they must pay a fine. If the victims refuse to send money, the phony DEA agents threaten to arrest the victims or search their property. Some of the victims have also reported unauthorized use of their credit cards after purchasing the prescription drugs.

Click here to read more on this scam from a DEA press release.

The DEA wants to remind the public that no DEA agent will ever contact a person by telephone. They might show up at your house early in the morning or while you are eating dinner, however. Also, agents never request money or any other form of payment.

Purchasing Drugs Over the Internet or By Telephone May Be Illegal.

Many times it may be illegal to purchase controlled drugs by phone or over the internet. That’s why you should go to Canada to do it. There are direct flights from Orlando. However, some pharmacies that meet stringent requirements and are registered by the DEA are allowed to sell drugs over the internet or by phone. So don’t be fooled by this telephone scam.

Scammers Banking on Victims’ Ignorance and Fear.

The scammers are counting on the fact that if you have done this, you will get scared and believe their accusations. Many people have no idea whether such conduct is legal or illegal. These imposters are banking on your ignorance and fear of being arrested for a criminal act. They are also banking on the fact you won’t report this to the real police.

Where do they get this information? Chances are, they are just “cold-calling” people. There are bound to be a certain number of people they reach who have done this. However, if they seem to have your personal health information (or credit card number) report this to the police right away. Be sure to obtain a written police report. Also, you should file a HIPAA Privacy Complaint with the Office of Civil Rights (OCR) to begin an investigation if you believe your personal health information has been stolen by or given to someone else to use.

Strict Regulations and Restrictions Might Cause People to Look for Other Opportunities to Get Prescription Drugs.

It is no surprise that the DEA, along with other law enforcement agencies, has stepped up its efforts to cut down on overprescribing. To see examples of what I am talking about read my past blogs: Walgreens fights the Drug Enforcement Administration’s (DEA) immediate suspension order and Drug Enforcement Administration (DEA) pulls controlled substance licenses from two Sanford, Florida, CVS pharmacies.

If the largest, legitimate pharmacy chains in the state and nation are not allowed to fill these prescriptions, where will chronic-pain patients turn? Are these actions driving our citizens into the hands of shady pharmacies that have fewer safeguards and less accountability, such as online pharmacies? Are these actions driving our citizens to seek out illegal drug dealers and turn to illegal drugs to cope with their legitimate medical problems? That is just one opinion. Tell us yours below.

Contact Health Law Attorneys Experienced with Investigations of Health Professionals and Providers.

The attorneys of The Health Law Firm provide legal representation to physicians, nurses, nurse practitioners, CRNAs, dentists, pharmacists, psychologists and other health providers in Department of Health (DOH) investigations, Drug Enforcement Administration (DEA) investigations, FBI investigations, Medicare investigations, Medicaid investigations and other types of investigations of health professionals and providers.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

Are the actions of the DEA driving our citizens into the hands of shady pharmacies that have fewer safeguards and less accountability, such as online pharmacies? Are these actions also driving our citizens to seek out illegal drug dealers and turn to illegal drugs to cope with their legitimate medical problems? Please leave any thoughtful comments below.

Sources:

Pavuk, Amy. “DEA Warns of Prescription-Drug Scam.” Orlando Sentinel. (November 29,2012). From: http://www.orlandosentinel.com/news/local/breakingnews/os-dea-warns-scam-internet-20121128,0,5800536.story

Drug Enforcement Administration. “DEA Scam Alert – Extortion Scheme.” DEA. (November 28, 2012). From: http://www.justice.gov/dea/divisions/mia/2012/mia112812a.shtml

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

By The Health Law Firm|2024-03-14T10:00:41-04:00June 1, 2018|Categories: DEA, HIPAA, In the News, Pharmaceutical Drugs, The Health Law Firm Blog|Tags: controlled substance purchases online, DEA agents, DEA investigation, defense attorney, defense lawyer, Drug Enforcement Administration (DEA), drug purchases on the telephone, extortion scam, HIPAA Privacy Complaint, Office of Civil Rights (OCR), online drug purchase, pharmacies, pharmacist, pharmacy, prescription-drug scam, scam alert|3 Comments

Update: Fake DEA Agents Calling Citizens, Claiming to Have Arrest Warrant

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

Health care providers beware, there is a scam making its rounds in Central Florida. Con men are telephoning citizens, including physicians, and pretending to be Drug Enforcement Administration (DEA) agents in the hope of extorting money from them.

It’s a scam we first told you about in December 2012, but have since learned more. Click here to read my first blog on this nationwide telephone scam.

Fake DEA Agents Conning Citizens and Health Providers.

The scam starts with criminals posing as DEA agents calling victims by telephone. Frequently, just by coincidence, the victim will have purchased prescription drugs over the internet, by phone or from a foreign country. The imposters tell the victims that purchasing the drugs in this manner is illegal, and that the phony DEA agent has an arrest warrant for them. They are then advised that they can pay a cash fine and avoid arrest. We’ve heard reports that the criminals tell the victim to wire the funds to the DEA’s account, which is actually an overseas account.

If the victims refuse to send money, the phony DEA agents threaten to arrest the victims or come out and search their property.

Click here to read more on this scam from a DEA press release.

The Local Law Enforcement is Investigating.

As we stated before, this is a nationwide scam. However, we’ve recently received a report from a local health care provider that was contacted by one of these phony DEA agents. This person was told the by the con men that he was being investigated by the DEA for an outstanding warrant. The thought of being the target of a DEA investigation can be quite unnerving for anyone working in the medical field.

The real DEA is aware of the situation and is doing a thorough investigation into the scam. Until agents find the people behind this con, they want to remind you that no DEA agent will ever contact a subject by telephone. However, a DEA agent, just like any other law enforcement officer, might show up at your house early in the morning or while you are eating dinner. If you were actually going to be arrested or charged for a crime, the agents would not offer to drop the charges in exchange for money.

Call the DEA Immediately If Criminals Call You.

Criminals are counting on the fact that they will reach a certain number of people who have actually purchased drugs over the internet and will not know for sure whether this is legal. They are counting on the fact that if they think they may have purchased drugs illegally, they will get scared and believe the false accusations. Many people have no idea whether such conduct is legal or illegal. These imposters are banking on your ignorance and fear of being arrested for a criminal act or losing your professional license to practice. They are also banking on the fact you won’t report this to the real police or DEA. If you receive a similar call from phony DEA agents, call the real DEA at 1-877-792-2873.

How Does Your Information Get into the Hands of Criminals?

Chances are they are just “cold-calling” people. There are bound to be a certain number of people (especially in Florida) they reach who have done this. However, if they seem to have your personal health information (or credit card number) report this to the police right away. Be sure to obtain a written police report. Also, you should file a Health Insurance Portability and Accountability Act (HIPAA) Privacy Complaint with the Office of Civil Rights (OCR) to begin an investigation if you believe your personal health information has been stolen by or given to someone else to use.

Contact Health Law Attorneys Experienced with Investigations of Health Professionals and Providers.

The attorneys of The Health Law Firm provide legal representation to physicians, nurses, nurse practitioners, CRNAs, dentists, pharmacists, psychologists and other health providers in Department of Health (DOH) investigations, Drug Enforcement Administration (DEA) investigations, FBI investigations, Medicare investigations, Medicaid investigations and other types of investigations of health professionals and providers.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Sound Off!

Have you received a call from these phony DEA agents? Please leave any thoughtful comments below.

Source:

Drug Enforcement Administration. “DEA Scam Alert – Extortion Scheme.” DEA. (November 28, 2012). From: http://www.justice.gov/dea/divisions/mia/2012/mia112812a.shtml

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.

By The Health Law Firm|2024-03-14T10:00:44-04:00June 1, 2018|Categories: DEA, In the Know, In the News, The Health Law Firm Blog|Tags: controlled substance purchases online, DEA agents, DEA investigation, defense attorney, defense lawyer, Drug Enforcement Administration (DEA), drug purchases on the telephone, extortion scam, HIPAA Privacy Complaint, Office of Civil Rights (OCR), online drug purchase, pharmacies, pharmacist, pharmacy, prescription-drug scam, scam alert|6 Comments

Pharmacists: Beware of Scammers that Call and Claim to be DEA Agents

By George F. Indest III, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

The Drug Enforcement Administration (DEA) is warning pharmacists to be aware of a prescription drug scam. This telephone scheme is extorting money from people all over the country. On November 28, 2012, the DEA released a press release explaining the details of the scam.

Con Artists Claim to Be DEA Agents and Request Money Over the Phone.

The scam starts with criminals posing as DEA agents calling victims by telephone. Frequently the victims will have recently purchased prescription drugs over the internet or by phone. The imposters tell the victims that purchasing the drugs in that manner is illegal, and that they must pay a fine. If the victims refuse to send money, the phony DEA agents threaten to arrest the victims or search their property. Some of the victims have also reported unauthorized use of their credit cards after purchasing the prescription drugs.

Click here to read more on this scam from a DEA press release.

The DEA wants to remind pharmacists that no DEA agent will ever contact you by telephone. They might show up at your house early in the morning or while you are eating dinner, however. Also, agents never request money or any other form of payment.

Isn’t it Illegal to Buy Prescription Drugs Over the Internet or By Phone?

Many times it may be illegal to purchase controlled drugs by phone or over the internet. That’s why you should go to Canada to do it. There are direct flights from Orlando. However, some pharmacies that meet stringent requirements and are registered by the DEA are allowed to sell drugs over the internet or by phone. So don’t be fooled by this telephone scam.

How Does Your Information Get Into the Hands of Criminals?

The scammers are counting on the fact that if you have done this, you, as a pharmacist, will get scared and believe their accusations. Many people have no idea whether such conduct is legal or illegal. These imposters are banking on your ignorance and fear of losing your license to practice. They are also banking on the fact you won’t report this to the real police.

Where do they get this information? Chances are, they are just “cold-calling” people. There are bound to be a certain number of people they reach who have done this. However, if they seem to have your personal information (or credit card number) report this to the police right away. Be sure to obtain a written police report. Also, you should file a HIPAA Privacy Complaint with the Office of Civil Rights (OCR) to begin an investigation if you believe your personal information has been stolen by or given to someone else to use.

Pain Patients Turn to Alternative Means to Get the Drugs They Need.

It is no surprise that the DEA, along with other law enforcement agencies, has stepped up its efforts to cut down on overprescribing. To see examples of what I am talking about read my past blogs: Walgreens fights the Drug Enforcement Administration’s (DEA) immediate suspension order and Drug Enforcement Administration (DEA) pulls controlled substance licenses from two Sanford, Florida, CVS pharmacies.

If the largest, legitimate pharmacy chains in the state and nation are not allowed to fill these prescriptions, where will chronic-pain patients turn? Are these actions driving our citizens into the hands of shady pharmacies that have fewer safeguards and less accountability, such as online pharmacies? Are these actions driving our citizens to seek out illegal drug dealers and turn to illegal drugs to cope with their legitimate medical problems? That is just one opinion. Tell us yours below.

Contact Health Law Attorneys Experienced with Investigations of Pharmacists.
The attorneys of The Health Law Firm provide legal representation to pharmacists and other health providers in Department of Health (DOH) investigations, Drug Enforcement Administration (DEA) investigations, FBI investigations, Medicare investigations, Medicaid investigations and other types of investigations of health professionals and providers.

To contact The Health Law Firm, please call (407) 331-6620 or (850) 439-1001 and visit our website at www.TheHealthLawFirm.com.

Comments?

As a pharmacist, have you been contacted by these phony DEA agents? Please leave any thoughtful comments below.

Sources:

Pavuk, Amy. “DEA Warns of Prescription-Drug Scam.” Orlando Sentinel. (November 29,2012). From: http://www.orlandosentinel.com/news/local/breakingnews/os-dea-warns-scam-internet-20121128,0,5800536.story

Drug Enforcement Administration. “DEA Scam Alert – Extortion Scheme.” DEA. (November 28, 2012). From: http://www.justice.gov/dea/divisions/mia/2012/mia112812a.shtml

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved.