Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Healthcare Law Blog

Comprehensive Healthcare law services. It's kind of our bag.

Contact Us

* Indicates a required field.

Categories

McBrayer Blogs

Related Blogs

Showing 7 posts in Patient Privacy.

What the Anthem Cyberattack Means for the Health Care Industry

Unfortunately, account hacks and data breaches are nothing new. Every day, we hear reports of hackers compromising networks and their protected data. When it happens on a massive scale to a powerful player in the health insurance industry, however, all health care entities should sit up and take note. On February 4, 2015, Anthem Inc. (“Anthem”), the second largest health insurance company in America, admitted that hackers compromised the company’s network and stole the information of up to 80 million customers. This may be the largest health-related data breach in history. More >

A New Reason to Protect Protected Health Information

Recently, an Indiana jury awarded a plaintiff $1.8 million in damages after a Walgreens pharmacist inappropriately used her position to find and share the plaintiff’s protected health information (“PHI”). [1] As health care providers know, the Health Insurance Portability and Accountability Act (“HIPAA”) provides both civil and criminal penalties for improper disclosure of medical information but it does not create a state-based private cause of action for violation of its provisions. Thus, when someone’s PHI is inappropriately shared or disclosed by a health care provider, the individual does not have personal legal recourse against the offending party. The recent Indiana case (herein “Walgreens Co.”) illustrates, however, that HIPAA still has a significant role in state court suits alleging negligence and professional liability as it relates to confidentiality.

More >

Guidance on Mental Health & the HIPAA Privacy Rule

The U.S. Department of Health and Human Services recently issued guidance entitled, “HIPAA Privacy Rule and Sharing Information Related to Mental Health.” As the title implies, it offers information as to when it may be permissible under HIPAA for health care providers to share information related to a patient’s mental health, including instances when the patient may be a minor. The direction, issued in the form of Q&As, comes as HHS seeks to strike a balance between a patient’s privacy rights in mental health records and public safety concerns. The clarifications could not come at a better time, as the health care industry prepares for an influx of patients who now have insurance that includes mental health coverage.  Below are some of the highlights from the guidance: More >

Secure Text Messaging in a HIPAA World?

Texting is becoming an increasingly acceptable form of communication in the business world, but can it be relied upon in the health care industry? There are numerous advantages to texting in the fast-paced world of health care. In an environment where time is of the essence, voicemails and pagers can slow down providers’ care and fail to convey adequate information. A text, on the other hand, is both immediate and can be detail-specific. In addition, texting can involve more than one sender and/or receiver in a closed-loop conversation, and, unlike through the paging system, a sender can be notified when the message has been read by the receiver(s). Text messaging can not only improve an entity’s efficiency, but it can also serve as a way to easily connect with patients, thereby improving quality of care. More >

Guidance on Mobile Medical Apps

Recently, the U.S. Food and Drug Administration (“FDA”) issued its much-anticipated final guidance for developers of mobile medical applications (“apps”). Apps run on mobile communication devices and can present unique problems not only to consumers, but also to providers who must walk a fine line between meaningful use requirements and HIPAA regulations regarding personal health information (“PHI”). More >

Doe v. Guthrie Clinic, Ltd.: A New Privacy Battleground?, cont.

Earlier this week, I mentioned the Doe v. Guthrie Clinic, Ltd.[1] case and what it may mean for provider liability. In a nutshell, the plaintiff in Guthrie seeks to extend the fiduciary duty of patient confidentiality beyond the licensed provider to the medical corporation, including hospitals and medical practices.  Under the proposed theory, the hospital or medical practice could be held directly liable for the unauthorized disclosure of patient information regardless of whether an employee disclosed the information within the scope of employment.  In other words, the unauthorized disclosure of patient information would be attributed to the medical corporation, which acting through its representatives, breached patient confidentiality. More >

Doe v. Guthrie Clinic, Ltd.: A New Privacy Battleground?

Most health care providers are aware of the significant liability implications of a breach of protected health information, including, in some cases, the cost of issuing a breach notification to affected individuals.  Providers have not, however, faced significant liability from patient lawsuits filed directly against a hospital or medical practice for damages arising from a breach of confidentiality.  The reason is that patients face an uphill battle when suing a hospital or medical practice directly because most laws that protect patient information, including HIPAA, do not provide a private right of action for patients to sue the provider. More >

Lexington, KYLouisville, KYFrankfort, KY: MML&KFrankfort, KY LawGreenup, KYWashington, D.C.