Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Client Alert

Recent HIPAA Breach Settlements - Lessons Learned

June 19, 2023According to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), the consequences for providers may include settlements of $30,000 to $240,000. OCR recently released two settlements for improper breaches of protected health information (PHI) that are good examples of the major monetary penalties that can result from common HIPAA mistakes.Client Alert

The Latest CMS Guidance: HIPAA Edition

June 23, 2022Client Alert

HIPAA Business Associate Agreements: Why These Contracts Matter

January 27, 2021No one loves drafting, reading or negotiating HIPAA Business Associate Agreements (BAAs). Yet many of us need to do so, and some of us do so daily. They are often boring, dense and technical, but BAAs are important from both a legal and a business perspective, and they deserve our attention. Failure to enter a BAA when one is required can constitute a HIPAA violation that results in substantial liability, as demonstrated by certain recent Department of Health & Human Services (HHS) settlements.1 A business associate who makes a disclosure that is not authorized by the applicable BAA or required by law can be subject to civil and, in some cases, criminal penalties. Further, parties are often presented with BAAs that contain onerous one-sided indemnification and other provisions that can be devasting to an organization in the event of a HIPAA breach. The significance of a BAA is often not fully understood by the parties until something goes wrong (e.g., a HIPAA security incident or breach, an Office of Civil Rights (OCR) audit or a fracture in the relationship between the parties) and, at that point, there is limited opportunity to mitigate legal and business risk. Ideally, attention should be given at the commencement of the business associate relationship, when the parties are able, to thoughtfully addressing regulatory requirements, planning and preparing for potential adverse events and appropriately allocating risk among the parties. As with most healthcare regulatory compliance initiatives, a proactive approach with respect to BAAs is preferable. This article provides a broad overview of certain BAA requirements and some practical negotiating tips for the parties involved.Client Alert

Time to Update Your HIPAA Compliance Plan for Telehealth Policies and Procedures

September 8, 2020The delivery of healthcare in this country may be forever changed following the COVID-19 pandemic. Providing services through telehealth technologies initially allowed providers to connect with patients in a safe and socially distant manner and helped keep vital hospital beds free for COVID-19 care. Now, while still a safe, socially distant option, telehealth allows patients to access healthcare services in an efficient manner, decreases the likelihood of cancellations, and expands access to services that do not require an in-person encounter (i.e., surgery, procedure, or test). Telehealth is now widely reimbursed by both federal and commercial payors and more provider types are able to provide telehealth services within their licensed scope of practice.Client Alert

CLIENT ALERT: Will Ohio Recognize a Biddle Claim in a Post-HIPAA World?

October 17, 2019OHIO SUPREME COURT WILL HEAR CASE INVOLVING CLASS ACTION FOR ALLEGED HIPAA VIOLATIONS: Will Ohio Recognize a Biddle Claim in a Post-HIPAA World?Blog Post

HIPAA Compliance Update

January 20, 2016HIPAA compliance has been a part of the regulatory landscape of healthcare since the privacy rules became effective in 2003. Since that time, most providers have taken steps to develop their compliance plans, including distributing notices of privacy practices, obtaining authorizations for release of information as needed, and obtaining business associate agreements from third parties.