Which Health Care Law Can Lead to Criminal Liability?

November 20th, 2021 by

Health care laws are designed to protect patients, and health care businesses are tasked with keeping up with new laws and their nuances in order to remain compliant.

Ignorance is never a defense, but it is not easy to keep up with liability law in Florida, especially in the healthcare industry.

For this reason, many healthcare-related businesses reach out to Florida Healthcare Law Firm for support.

Healthcare Law and Criminal Liability for Patient Care

There are a number of reasons why a healthcare business might be in danger of criminal liability, and medical malpractice is one of the big ones. This can include charges for:

  • Negligent medical care that caused harm or death to a patient.
  • Giving medical services or medication to a patient without gaining their consent first.
  • Practicing medicine without a license or otherwise providing services beyond the certification scope.
  • Breaking HIPAA laws by violating patient confidentiality.
  • Having a romantic or sexual relationship with a patient.
  • Prescribing too much of an addictive medication or prescribing abusable medication without medical necessity.
  • Providing medical services that are illegal at the state or federal level.
  • Assisting any patient in ending their life.

Criminal Liability Is Possible for Health Care Fraud

Medicare fraud is one of the most common types of fraud and a primary reason for criminal liability complaints across the healthcare industry. In fact, any kind of billing fraud is grounds for a criminal offense.

Billing fraud can mean:

  • Accepting payment or favors for using certain medical products or prescriptions.
  • Billing for medical care that was not provided.
  • Double billing for medical care claims.
  • Billing for services that were not medically necessary.
  • Billing using a medical code that is more expensive than the actual amount of services provided.

Health Care Law Can Lead to Liability

The law is set up to protect patients, as it should. But, without knowledge of what current law requires, many healthcare businesses are at risk of criminal liability.

One of the best ways to protect against surprise lawsuits is to hire a healthcare law firm to assist your business in:

  • Assessing current software, forms, and records to ensure that there are no concerns in day-to-day practices.
  • Updating protocol if there are any issues that require attention.
  • Keeping up with changes to existing law and recommending adjustments to procedures as needed.
  • Staying current on new laws as they are introduced, voted on, passed, and put into effect, and creating plans to stay in compliance.

If you have a healthcare business in Florida, whether or not you work directly with patients, it is imperative to ensure that you remain in compliance with Florida law. Contact us at Florida Healthcare Law Firm today to find out how we can assist you in this process.

Just The Fax, Ma’am…

March 30th, 2021 by

Guest Blog Post By: Phil Liberty, Universal The Communications Company

The healthcare industry is doing its level best to keep fax machine manufacturers in business. Because fax machines are considered to be HIPAA compliant, it’s easy to keep them humming along. Paying for expensive toner, electricity and the telephone line attached to the wall behind the machine is just the way we’ve always done it. But that telephone line should give you enough reason to consider your options.

AT&T built and owns the copper telephone network that provides the analog signal required for T1 lines, traditional telephones, fax machines, credit card machines, postage meters, alarms and elevators. That service is known as POTS – Plain Old Telephone Service. Maintaining that antiquated network is costly and inefficient for AT&T so they will retire POTS in the near future. All services will eventually run over fiber optic cables and your equipment may have to change to keep up. You may have received a letter telling you about this transition but probably ignored it or did not even open it thinking it was a solicitation. So, how does AT&T get your attention if you won’t read their letter? Check your phone bill!

Is Your Medical Software Provider Using the Cloud to Store Data?

December 14th, 2020 by

The Fractional General Counsel

By: Steven Boyne

The Question of the Week: Is your Medical software provider using the Cloud to store data?

These days everyone is migrating to the Cloud.  This exodus away from servers to the cloud is driven by the flexibility, security and pricing that Cloud services such as AWS (Amazon Web Services), Microsoft’s Azure, Google Cloud and IBM offer software developers.  It is a pretty safe assumption that most healthcare software vendors are currently using the Cloud, or they plan on using the Cloud.

Avoiding HIPAA Violations During COVID-19

May 27th, 2020 by

By: Steven Boyne

The COVID-19 virus has changed, and will probably continue to change, the way healthcare providers and business associates interact and help their patients. As many providers are aware, a HIPAA violation is a serious issue, and can cost a healthcare entity large amounts of time and money to respond to any regulatory investigation. Recognizing that the COVID-19 pandemic has strained every corner of the economy and is THE MOST IMPORTANT issue for almost every industry, the federal government has rolled back some HIPAA protections. It is unclear how long these rollbacks will last, and it is possible that some of them may be permanent, but for now healthcare providers and their business associates can take some comfort that they can focus on delivering care and not dealing with overly burdensome regulations and investigations. The major changes include:

  • Telehealth. Changes include allowing physicians and other healthcare providers to offer telehealth services across State lines, so State licensing issues should not be a concern. Additionally, Providers are essentially free to choose almost any app to interact with their patients, even if it does not fully comply with the HIPAA rules. The HHS allows the provider to use their business judgment, but of course, such communications should NOT be public facing – which means DO NOT allow the public to watch or participate in the visit!
  • Disclosures of Protected Health Information (PHI). A good faith disclosure of such information will not be prosecuted. Examples include allowing a provider or business associate to share PHI for such purposes as controlling the spread of COVID-19, providing COVID-19 care, and even notifying the media, even if the patient has not, or will not grant his or her permission.
  • Business Associate Agreement (BAA). As most healthcare providers know, a BAA agreement between a provider and an entity that may have access to PHI is required by law. During the COVID-19 pandemic, the lack of a BAA is not an automatic violation.

HIPAA Compliance Goes Beyond Protecting Health Information

January 14th, 2020 by

By: Dave Davidson

The Office of Civil Rights within the U.S. Department of Health and Human Services recently imposed $2,154,000 in civil money penalties against Jackson Health System in Miami, Florida for multiple violations of HIPAA.  The majority of the penalties were due to violations of the HIPAA Security and Breach Notification Rules, rather than for the actual breaches of confidentiality.  This action by the government underscores the importance of complying with all of HIPAA, and not just the requirements to safeguard Protected Health Information.

The Risk Of Not Paying Attention to HIPAA Violations

October 30th, 2019 by

By Jacqueline Bain

On October 23, 2019, the U.S. Department of Health and Human Services imposed a civil money penalty of over $2 million against Jackson Health System in Florida for repeated HIPAA violations.

The HIPAA violations mentioned in the HHS Press Release include:

  1. Loss of paper patient records in December 2012;
  2. Loss of additional paper patient records in January 2013;
  3. A media report containing patient information (a photo shared on social media);
  4. Employees accessing the information of one patient without a job-related purpose;
  5. An employee’s improper access and sale of patient records in 2011.

“OCR’s investigation revealed a HIPAA compliance program that had been in disarray for a number of years,” said OCR Director Roger Severino. The state of the compliance program allowed for the failure of several HIPAA requirements, including provision of timely and accurate HIPAA breach notifications, performance of regular risk assessments, investigation of identified risks, audits of system activity records, and imposing appropriate restrictions on workforce members’ access to patient information. The government’s final determination is available here.

When a HIPAA breach is discovered and reported, the government will often take the time to review a covered entity’s history of compliance or non-compliance. This may include an investigation into prior issues, effectiveness of policies and procedures, and employee issues. Overlooking one suspected breach may result in the imposition of sanctions on any later breach. This is why it’s so important for a healthcare business to understand its HIPAA obligations and take them seriously.

When was the last time your business conducted a security risk assessment to understand its potential risk areas for security breaches? If you’ve never had one, or haven’t had one recently, the time is now to conduct one. “When was your last security risk assessment?” is often the first thing that the government will ask in response to a breach.

Federal fines for noncompliance with HIPAA are based on the level of negligence perceived by the Federal government at the time of the breach. Fines and penalties range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million. Simply put, your healthcare business can’t afford to bury its head and hope that it won’t be hit.

Why Overlooking Website Terms of Use and Privacy Policy Pages Can Cost You

October 11th, 2019 by

By: Jacqueline Bain

As many healthcare businesses invest in their websites, two areas that are often added as a quick afterthought (or overlooked completely) are the Terms of Use and Privacy Policy. But a potential slip up in these areas can cost you dearly.

Terms of Use

This section is a contract between you and the users of your website regarding what they can expect from the website and how they will act while on the website. You can use this section to protect you and your business from a variety of potential disasters including (but not limited to): limitless liability and intellectual property infringement.

You can use this section to limit any liability that you might create by having a website. For instance, if you give some medical advice (i.e., “Lowering your cholesterol reduces your risk for a heart attack.”), you can use your Terms and Conditions to limit a user’s reliance on that advice without additional medical intervention (“We are not your treating physician—if you have questions about your cholesterol levels, contact your physician.”).

You can also use this section to inform your users about any intellectual property protections that you might have. If your technology or services have pending or protected status, you’ll need to make your users aware of this information.

Finally, this section should establish the laws under which your website agrees to be governed. Even if the internet knows no boundaries, your website should establish its own. If your business is located in Florida, you can choose to be bound by Florida and Federal laws. It could limit any potential exposure in other states or nations.

Privacy Policy

This section is required by law to inform your website users what kind of data you will collect and how you will use it. A well-crafted Privacy Policy helps you avoid liability under a complex array of state and federal laws dealing with users’ private information.

The Children’s Online Privacy Protection Act (COPPA) protects minors under the age of 13 from having personal information collected without parental consent. How can a website operator be expected to know whether a user is 13 or under? If you plan on collecting any information from your users, your Terms and Conditions should have a section prohibiting anyone under age 13 from accessing and using your site. It’s a simple fix that can potentially save you huge penalties.

What information will you collect? Does your website use cookies? Will you share any data with outside sources? If yes, your privacy policy is where you tell that to your users!

In healthcare, a website’s Privacy Policy is hugely important. With laws like HIPAA and its state counterparts, including the Florida Information Protection Act, healthcare providers are held to a higher privacy standard than almost any other industry. Take the time to work with your legal advisors to ensure that your privacy policy is tailored to your business and contains language consistent with what you are actually doing to safeguard information.

Critical Steps to Help Avoid Cybersecurity Attacks

June 11th, 2019 by

By: Gary Salman, Guest Contributor

Ransomware attacks are impacting the healthcare community’s HIPAA security at a staggering rate. If a practice has data stolen from their network and they did not report the breach to The Office of Civil Rights (OCR), they could be subject to massive fines for the lack of reporting. Specific steps must be followed to determine if ePHI (electronic protected health information) was compromised. This often involves hiring a forensics company and working with a Cybersecurity company to harden the practice’s infrastructure. When you are the victim of an attack once, you will most likely be a victim again because of vulnerabilities in your network that enabled the attack vector (or payload) to infiltrate your system. You cannot simply restore your data and hope for the best.

PHI Breach Penalty Dollars Rolling in for Healthcare Enforcement

November 1st, 2018 by

By: Dave Davidson

It has been a busy autumn for the enforcement of health care privacy rights.  Recent activities range from settling the claim for the largest HIPAA violation in US history, to penalties imposed for filming TV shows, to actions initiated by state governments.  All of these actions confirm the serious position taken by regulators nationwide to protect the privacy of protected health information (PHI).

The Big One

On October 15, 2018, Anthem, Inc., an independent licensee of Blue Cross, paid $16 million to settle its claim with the HHS Office of Civil Rights (OCR), for a breach that compromised the PHI of 79 million people.  This was the largest reported breach in history.  The PHI breach occurred in 2015, when hackers initiated a “spear phishing” attack via fraudulent emails.  The government found that Anthem lacked appropriate information system procedures to identify and respond to security breaches, and minimum access controls to stop these kinds of attacks.

In addition to the financial penalty, Anthem agreed to a corrective action plan, in which it agreed to perform a risk analysis, and incorporate the results of the analysis into its existing processes, in order to achieve a “reasonable and appropriate level” of HIPAA compliance.

This settlement is in addition to the $115 million settlement Anthem reached last year with the victims of the breach.

So, You Want to Be in the Pharmacy Business? Building from scratch, acquisitions & other considerations.

March 29th, 2018 by

By: Michael Silverman

Like many entrepreneurial endeavors, owning a pharmacy requires careful planning and an astute risk versus reward analysis. However, unlike other industries, venturing into a healthcare business brings with it an entirely new world of regulations, and rightly so. Pharmacies don’t sell widgets; they sell prescription drugs, and to people whose well-being depends on it being done correctly. As such, there’s a host of state and federal laws a pharmacy must abide by, intended to safeguard patients and the healthcare system as a whole. Don’t let regulatory hurdles alone serve as an insurmountable deterrent from entering into what can be a profitable and fulfilling profession; proactive compliance is the key to success! Here’s an overview of the general steps necessary to become a pharmacy owner, be it from scratch or by acquiring an existing practice. For the purposes of this article, let’s assume it’s a community/retail pharmacy that will be located in Florida.

So what’s better – building from scratch or buying something that’s already out there? Typical lawyer answer – it depends! But I won’t stop there; here are some considerations that must be taken into account to make a proper decision: (1) how quickly does the business need to be up and running? It’s typically a faster process to commence business by acquiring an existing pharmacy rather than building one, but that depends on (2) what is out there in the current marketplace? If a stock acquisition, all of the known and unknown liabilities will be inherited by the new owner; proper due diligence on the pharmacy’s past is essential.