Are You Worried About Health Care Compliance Consequences? Have They Gone Too Far?

By Lance O. Leider, J.D., LL.M., The Health Law Firm

From large hospital systems to solo practitioners, there is no escaping health care compliance in the industry. The concept of compliance can spark different thoughts in different people. For example, some believe it is an unnecessary government intrusion and others believe it’s a way to improve the quality and costs of health care.

No matter your thoughts on health care compliance and government oversight, regulation of the health care industry will never be eliminated. In fact, we expect it to increase as more quality-based requirements are implemented.

We believe compliance and regulations are necessary, but we have to wonder if sometimes these laws go too far.

Those Cute Baby Photos Can Cost You.

As an example of laws going too far, photos of cooing newborn babies used to cover the bulletin boards of doctors’ offices. However, under the Health Insurance Portability and Accountability Act (HIPAA), these baby photos are considered protected health information, along the same lines as a medical chart or social security number. A report by The New York Times indicates many offices have removed these types of photos or moved them to private portions of the office. According to the Office for Civil Rights (OCR) Department of Health and Human Services (HHS), doctors’ offices are not allowed to post these photos without a specific written authorization from the parent.

To read more on this topic, click here.

Health Care Compliance Overview.

Health care compliance is the ongoing process of meeting or exceeding the legal, ethical and professional standards applicable to a particular health care organization or provider. Health care compliance requires health care organizations and providers to develop effective processes, policies, and procedures to define appropriate conduct, train the organization’s staff, and then monitor the adherence to the processes, polices and procedures.

Health care compliance covers numerous areas including patient care, billing, reimbursement, managed care contracting, OSHA, and HIPAA privacy and security to new a few.

To read a basic overview of health care compliance for organizations and providers, click here.

How to Deal with Compliance Overkill.

The primary purpose of health care compliance is to improve patient care. It is nearly impossible to overstate the complexity of health care compliance. Health care organizations and providers are not only required to comply with Medicare rules and regulations, but they are also required to comply with numerous other federal and state health care laws, rules and regulations.

When dealing with compliance issues, our recommendation is to use your common sense and best judgment. Fear usually leads to absurd situations. With all the fear and propaganda out there it is important to stick to your instincts and put patient care first.

Health care compliance is cumbersome, many may agree too cumbersome. However, it is here to stay.

Do you think health care compliance has gone too far? How do you try to keep up with health care compliance laws and regulations? Are you worried about compliance consequences?

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other health care providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Sources:

Hartocollis, Anemona. “Baby Pictures at the Doctor’s? Cute, Sure, but Illegal.” The New York Times. (August 9, 2014). From: http://www.nytimes.com/2014/08/10/nyregion/baby-pictures-at-doctors-cute-sure-but-illegal.html?_r=0

Kirsch, M.D., Michael. “The Consequences of Zero Tolerance: Why HIPAA is Overkill.” Kevin M.D. (January 1, 2014). From: http://www.kevinmd.com/blog/2014/01/consequences-tolerance-hipaa-overkill.html

About the Author: Lance O. Leider is an attorney with The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Avenue, Altamonte Springs, Florida 32714, Phone: (407) 331-6620.

KeyWords: Health Insurance Portability and Accountability Act (HIPAA), HIPAA Omnibus Rule, HIPAA compliance, HIPAA lawyer, HIPAA compliance attorney, data security lawyer, protected health information (PHI), Patient privacy, U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), patient rights, HIPAA compliance audit, privacy defense attorney, health care compliance lawyer, compliance defense attorney, healthcare compliance defense lawyer, health care defense lawyer, HIPAA attorney, HIPAA lawyer, compliance plans, health law firm, The Health Law Firm, health law defense attorney, health care professional defense attorney, legal representation for healthcare professionals, reviews of The Health Law Firm, The Health Law Firm attorney reviews

“The Health Law Firm” is a registered fictitious business name of and a registered service mark of The Health Law Firm, P.A., a Florida professional service corporation, since 1999.
Copyright © 2018 The Health Law Firm. All rights reserved.

Breach of HIPAA Privacy Regulations May be a Basis for Negligence Actions

By Shelby Root and George F. Indest III, J.D., M.P.A., LL.M., Board Certified by the Florida Bar in Health Law

00011_RT8Given the advances in information technology, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by Congress as a comprehensive legislative and regulatory scheme to ensure basic protections of patients’ right of privacy regarding their health information. HIPAA, standing alone, does not provide a private right of action. It also preempts contrary state laws. A recent case in the Supreme Court of Connecticut, Byrne v. Avery Center for Obstetrics and Gynecology, P.C., 102 A.3d 32 (Conn. 2014), addressed these issues. The decision answered the question of whether HIPAA preempts state law claims for negligence and negligent infliction of emotional distress against a healthcare provider who released medical records in the course of complying with a subpoena.

The Facts of Byrne v. Avery Center for Obstetrics and Gynecology, P.C.

During May 2004, Byrne started a personal relationship with Andro Mendoza, which lasted four months. At some point during May 2004 and July 12, 2005, the Avery Center provided Byrne with gynecological and obstetrical care and treatment. During the visit she was given the center’s privacy policy regarding protected health information. The policy, and the law, state that a patient’s health information will not be disclosed without their authorization. After Byrne’s relationship with Mendoza ended she instructed the center not to release her medial records to him.

On May 31, 2005, Mendoza filed paternity actions against Byrne. The Avery Center was served with a subpoena requesting its presence, along with Byrne’s medical records, at Probate Court. The center did not alert Byrne of the subpoena, file a motion to quash or appear in court. Instead, it mailed a copy of Byrne’s medical file to the court.

The Supreme Court of Connecticut’s Holding.

The Supreme Court of Connecticut reasoned that the fact a state law that allows an individual to file a civil action to protect their privacy exist does not mean that the law conflicts with the HIPAA penalty provisions. Therefore, the court concluded that HIPAA does not preempt causes of action when they are based on a state common or statutory law due to a healthcare provider’s breach of confidentiality.

The court found that a number of federal and state courts have ruled that a breach of the HIPAA Privacy Rule may be the basis for a breach of a duty of care in state court negligence actions. A patient’s private right of action does not conflict with or complicate healthcare provider’s compliance with HIPAA. In fact, negligence claims in state courts are furthering HIPAA’s goal of deterring wrongful disclosure of patient’s healthcare information. To view a past blog on a HIPAA violation case in California, click here.

Editors’ Comments on Byrne.

This is the latest of several recent cases where state courts have allowed cases to proceed against health care providers who breached the medical confidentiality of their patients, based in part on the HIPAA Privacy Regulations. In this case, the court correctly held that, although HIPAA does not afford a private right of action by itself, it does establish the duty that is owed by a healthcare provider to its patients to protect their medical information. With this duty being established, the plaintiff can then proceed under a straight negligence tort cause of action.

It is also noteworthy that the HIPAA Privacy Regulations are just one source of “evidence” or standards that can be used to establish th duty owed by medical professionals and theories.

This case also helps to put to rest the spurious defense that HIPAA might “preempt” such a cause of action that is brought under state law. We have seen this theory used by defendants just about any time a federal statute or federal regulation might come into play in a tort law suit. The court correctly determined that this defense theory was not valid.

If anything, HIPAA has better defined and strengthened a duty that has been owed to patients by physicians, nurses, health professionals and health facilities since the time of Hippocrates.

Comments?

What are your thoughts on the Supreme Court of Connecticut’s ruling? Please leave any thoughtful comments below.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.

The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and instiuttions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).

For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.

Source:

Byrne v. Avery Center for Obstetrics and Gynecology, P.C., 102 A.3d 32 (Conn. 2014). From:

http://scholar.google.com/scholar_case?case=6869878125055474806&q=Byrne+v.+Avery+Center+for+Obstetrics+and+Gynecology,+P.C.,+102+A.3d+32+(Conn.+2014)&hl=en&as_sdt=40006

About the Authors: Shelby Root is a summer associate at The Health Law Firm. She is a student at Barry University College of Law in Orlando. George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.

KeyWords: Health Insurance Portability and Accountability Act, HIPAA, HIPAA Privacy Rules, HIPAA compliance, protected health information, patient privacy, patient rights, HIPAA violation, penalties for HIPAA violation, civil penalties for HIPAA violation, privacy, defense attorney, defense lawyer, HIPAA defense attorney, HIPAA violation help, HIPAA attorney, HIPAA lawyer, compliance plans, health law, The Health Law Firm

“The Health Law Firm” is a registered fictitious business name of George F. Indest III, P.A. – The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2015 The Health Law firm. All rights reserved.

Go to Top