Posts Tagged: HIPAA Privacy

HIPAA Privacy Fines

in HIPAA Privacy & Security

By this time I’m certain you have seen enough Legal Alerts regarding the HIPAA privacy monetary fines that you could wallpaper your living room.  I know I certainly have.  But, does anyone honestly think that the fines were not warranted?  HHS really choose the most egregious violations (access violations and loss of records).  The access violation fine was compounded by an uncooperative covered entity.  HHS did not fine the covered entities for not having proper notices or not having proper written policies.  Rather, HHS choose the most basic of HIPAA privacy rights.  If anything these cases show that covered entities… Continue Reading

On-Site Medical Clinics

in HIPAA Privacy & Security

Martha Sewell, one of my partners at KS, reminded me of a growing issue for on-site medical clinics.  Currently, on-site medical clinics are a HIPAA excepted benefit and the clinic itself is excepted from HIPAA privacy.  However, HHS has never formally defined an on-site medical clinic.  Many of us have thought that the exception may only apply to traditional on-site clinics, and not the large on-site clinics that are established by employers today that are close to fully functional medical offices.  I recently had a chance to discuss this issue with HHS and unofficially HHS indicated that it may change this… Continue Reading

Business Associate Agreements

in HIPAA Privacy & Security

Some controversy has erupted regarding the status of business associate agreements, when the business associate refuses to enter into a business associate agreement. The preamble to the HHS July 14, 2010 proposed regulations provides that – if a covered entity and business associate have failed to enter into a business associate agreement, then the business associate may use or disclose protected health information only as necessary to perform its obligations for the covered entity (pursuant to whatever agreement set the general terms for the relationship between the covered entity and business associate) or as required by law, but any other… Continue Reading

Texas Injury Plans

in Affordable Care Act, HIPAA Privacy & Security, Welfare Benefits

Under Texas law, employers can opt-out of the normal workers’ compensation system by sponsoring a separate, self-insured plan for workplace injuries, typically referred to as a Texas Injury Plan. Texas Injury Plans are treated as ERISA group health plans and subject to the typical ERISA requirements, as well as the HIPAA privacy rules. Recently, some third-party administrators and plan sponsors have begun to review whether these types of plans are covered by the Affordable Care Act, and whether an exception can apply. There are exceptions in ERISA and the Internal Revenue Code for “worker’s compensation and similar insurance” benefits. However, when an employer opts… Continue Reading