HIPAA -- Compliance and Enforcement Issues

Similar documents
Enforcing HIPAA Administrative Simplification: Dispassionate Enforcement or Compassionate Prosecution?

HIPAA Privacy Rule Compliance Issues

HIPAA Enforcement Rule. Aimee Wall Health Directors Legal Conference Institute of Government April 20, 2006

Handling Criminal Healthcare Fraud Cases Healthcare Enforcement Compliance Institute October 25, :30 to 3:00 P.M. Washington, D.C.

Selected Model Rules of Professional Conduct Ellen C. Yaroshefsky

FRAUD STATISTICS - OVERVIEW

TEXAS ETHICS COMMISSION

OVERVIEW OF THE FALSE CLAIMS ACT 31 U.S.C FALSE CLAIMS

FRAUD STATISTICS - OVERVIEW October 1, September 30, Civil Division, U.S. Department of Justice

INTERNAL INVESTIGATIONS: AVOIDING PITFALLS. Sherilyn Pastor, McCarter & English, LLP (and) Rosemary Stewart, Hollingsworth LLP

CHAPTER 44 HOUSE BILL 2434 AN ACT

THE PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

AMERICAN RECOVERY & REINVESTMENT ACT OF 2009 TITLE XIII HEALTH INFORMATION TECHNOLOGY ANALYSIS OF PRIVACY AND SECURITY REQUIREMENTS (SUBPART D)

MARCH Vision Care Provider Compliance Deficit Reduction Act

OVERVIEW OF RELEVANT HEALTHCARE LAWS

TEXAS ETHICS COMMISSION

Criminalization of Health Care White-Collar Crash Course

UNDERSTANDING THE HIPAA/HITECH BREACH NOTIFICATION RULE 2/25/14

POLICIES AND PROCEDURES FOR DETECTING AND PREVENTING FRAUD, WASTE AND ABUSE

Responding to Government Investigations: What to do when the Government Knocks. Gabriel Colwell Partner Squire Patton Boggs (US) LLP

2009 False Claims Act Amendments: Implications for the Healthcare Community (Procedural Provisions)

Health Information Technology for Economic and Clinical Health (HITECH) Act Privacy and Security Provisions

Corporate Administration Detection and Prevention of Fraud and Abuse CP3030

The Lawyer s Ethical and Legal Duties to protect Private Information

ATTACHMENT A. CERTIFICATION REGARDING MINORITY BUSINESS ENTERPRISES (applicable if an MBE goal is set)

View from a Federal Prosecutor: Legal Pitfalls to Avoid. Medtrade Spring March 28, 2018 Mark Rush Josh Skora

Investigations and Enforcement

DATE ESTABLISHED: June 26, 2007 POLICY NAME: False Claims Act DATE REVISED: 6/10/10, 4/16/12. RESPONSIBLE PARTY: Nancy Kowal DATE: 11/18/2016

Chapter PERSONAL INFORMATION PROTECTION ACT. Article 01. BREACH OF SECURITY INVOLVING PERSONAL INFORMATION

Responding to Government Investigations of Fraud and Abuse: Legal and Practical Issues

NORTH GEORGIA HEALTH DISTRICT County Board of Health Personnel Policy #504 Cherokee, Fannin, Gilmer, Murray, Pickens, Whitfield

Protection for Persons in Care Act

Michigan Medicaid False Claims Act

FRAUD STATISTICS - OVERVIEW

THE CONSUMER PROTECTION ACT 68, PENSION FUNDS LAWYERS ASSOCIATION 07 March 2011

CHAPTER LOBBYING

OVERVIEW. Enacted during the Civil War in To fight procurement contract corruption. To redress fraud involving federal government programs

DATED DISCIPLINARY RULES AND PROCEDURE AND GRIEVANCE PROCEDURE

Hello! I am Artin DerOhanian

HIPAA Enforcement and Settlements. Alissa Smith, Partner Dorsey & Whitney LLP Des Moines, IA

New Mexico Medicaid False Claims Act

OVERVIEW OF RELEVANT HEALTHCARE LAWS

INDIANA FALSE CLAIMS AND WHISTLEBLOWER PROTECTION ACT

A Review of the Current Health Care Fraud Enforcement Environment Brian McEvoy & Ellen Persons

PUBLIC INTEREST DISCLOSURE (WHISTLEBLOWER PROTECTION) ACT

Municipal Lobbying Ordinance

POLICY STATEMENT. Topic: False Claims Act Date Effective: 10/13/08. X Revised New Section: Corporate Compliance Number: 10.05

Montana. Billing Montana's Medicaid program for services not rendered

Government Investigations Into Cybersecurity Breaches In Healthcare

Florida. Florida State False Claims Laws

Self-Report? 10/15/2017. Three Competing Perspectives on Federal Health Care Enforcement Trends: Federal Prosecutor, In-House Counsel, Outside Counsel

The Hawaii False Claims Act

HIPAA Crimes: How the New Crime Wave Affects You. May 17, 2016

UNITED STATES COURT OF APPEALS FOR THE NINTH CIRCUIT

AMERICAN HOMES 4 RENT. Code of Ethics for Principal Executive Officer and Senior Financial Officers

1 IN THE SUPREME COURT OF THE STATE OF NEW MEXICO. 2 Opinion Number: 3 Filing Date: February 6, NO. S-1-SC-35469

Selected Federal Data Security Breach Legislation

APPLICATION INSTRUCTIONS FOR GOING OUT OF BUSINESS SALE PERMIT

IN THE SUPREME COURT OF THE STATE OF NEW MEXICO

ENFORCEMENT RULES & DISCIPLINARY BOARD RULES RELATING TO REINSTATEMENT

TEXAS ETHICS COMMISSION

CHECKLIST FOR PROCESSING JNA. Checklist #1. Citation or complaint filed with court. (Arts , , and , C.C.P.)

Illinois. Civil and Criminal Penalties for False Claims or Statements

MONTANA FALSE CLAIMS ACT (MONT. CODE ANN )

CHAPTER 457. (Senate Bill 796) Vehicle Laws Motor Vehicle Accident Reports Access

Legal Profession Uniform Law Application Act 2014

The Importance of the Attorney-Client Privilege, the Work Product Doctrine, and Employee Legal Rights

Health Care Fraud and Abuse Laws Affecting Medicare and Medicaid: An Overview

Legal and Ethical Considerations (Chapter 3- Mosby s Dental Hygiene)

FRAUD STATISTICS - OVERVIEW October 1, September 30, 2010 Civil Division, U.S. Department of Justice

Councilmember Anita D. Bonds IN THE COUNCIL OF THE DISTRICT OF COLUMBIA

Health Care Compliance Association

Drivers Privacy Protection Act 18 U.S.C et. seq. (Public Law )

Referred to Committee on Legislative Operations and Elections. SUMMARY Revises provisions relating to ethics in government.

107 ADOPTED RESOLUTION

Sec Penalties. Recovery of overpayments. Time limitation on prosecution. (a) Any person who, through error, has received any sum as benefits

STATUTE SECTION STATUTORY BREACH LIABILITY DEFENCE RESPONSIBLE PARTY FEDERAL STATUTES Canada Pension Plan, R.S.C 1985, c. C-8.

Whistleblower Protection

Revised OBJECTS AND REASONS. This Bill would (a)

Reflections on Privacy: Recent Developments in HIPAA Privacy Rule

TEXAS GOVERNMENT CODE CHAPTER 572

MARYLAND STATE TREASURER LOUIS L. GOLDSTEIN TREASURY BUILDING ANNAPOLIS, MARYLAND 21401

Discrimination Complaint and Investigation Procedure

AMERICAN BAR ASSOCIATION STANDARDS FOR IMPOSING LAWYER SANCTIONS

Requirements for Grain Dealers

A Message to Legal Personnel

Responding to Government Investigations

CALIFORNIA FALSE CLAIMS ACT

JUNIPINE HOMEOWNERS' ASSOCIATION Resolution of the Board of Directors ENFORCEMENT RESOLUTION RECITALS

TEXAS ETHICS COMMISSION

New Jersey False Claims Act

STATE FALSE CLAIMS ACT SUMMARIES

Investigating Privacy Breaches under HITECH and HIPAA

CODE OF ETHICS (CONDUCT) FOR ADVOCATES

PMI MEMBER ETHICAL STANDARDS MEMBER CODE OF ETHICS

COMMITTEE OF INVESTIGATION GUIDELINES AND PROCEDURES MANUAL

BARRATRY RULES IN TEXAS. CRIMINAL AND CIVIL PENALTIES

MARCH 6, Referred to Committee on Commerce, Labor and Energy

IN THE SUPREME COURT OF THE STATE OF NEW MEXICO OPINION

APPENDIX A INITIAL TECHNICAL PROPOSAL FORMS. 3. Acknowledgement of Receipt of Addenda Form

Transcription:

HIPAA -- Compliance and Enforcement Issues John T. Bentivoglio Arnold & Porter john_bentivoglio bentivoglio@aporter.com 202.942.5508

Overview HHS approach toward compliance Compliance procedures Civil penalties and enforcement Criminal penalties and enforcement Private remedies Internal sanctions

HHS Compliance Efforts Generally, HHS has pledged a cooperative approach to obtaining compliance HHS will provide technical assistance HHS will seek informal means to resolve disputes

HHS Compliance Efforts Rights of individuals Right to file complaints with HHS Procedures for complaints modeled on existing procedures for civil rights complaints Complainants are protected under so-called whistleblower procedures

HHS Compliance Efforts Responsibilities of covered entities Maintain records Provide HHS with access to records (business partners also required to provide access) Refrain from retaliation against complainants

HIPAA Penalties Civil penalties and criminal penalties State remedies Internal disciplinary requirements Note: the civil and criminal penalty provisions are in the HIPAA statute and are not subject to amendment by HHS via regulation

Civil Penalties Except as provided in subsection (C), the Secretary shall impose on any person who violates a provision of this part a penalty of not more than $100 for each violation, except that the total amount imposed on the person for all violations of an identical requirement or prohibition during a calendar year may not exceed $25,000..

Civil Penalties -- Affirmative Defenses A civil penalty may not be imposed where-- the person did not know, and by exercising reasonable diligence would not have known, of the violation the failure to comply was due to reasonable cause and not to willful lful neglect the failure to comply is corrected within 30 days of discovering the violation HHS may waive or reduce the amount of a civil penalty and/or extend the 30-day deadline for correction of a violation

Criminal Penalties Wrongful disclosure of IIHI Sec. 1177(a). Offense.-- --A A person who knowingly and in violation of this part-- (1) uses of causes to be used a unique health identifier; (2) obtains IIHI relating to an individual; or (3) discloses IIHI to another person, shall be punished as provided in subsection (b)..

Criminal Penalties (cont d( cont d) Elements of the offense Knowledge; Violation of Part C (Administrative Simplification); and One of the following: uses a unique health identifier obtains IIHI relating to an individual discloses IIHI to another person

Criminal Penalties (cont d( cont d) Knowledge requirement The text requires knowledge -- not intent or willfulness Arguably, the government is only required to show knowledge of the act -- not knowledge that the act was wrongful or unlawful

Criminal Penalties (cont d( cont d) Unresolved issue -- are business partners (or others) liable under the criminal penalties or are criminal penalties limited to covered entities?

Investigations and Prosecution Investigations HHS Office for Civil Rights FBI HHS OIG Prosecution DOJ

Criminal Prosecution DOJ has independent litigating authority While DOJ will consult with client agencies, ultimately Federal prosecutors (AUSAs( AUSAs) ) decide whether to continue investigate and/or seek an indictment

State Enforcement Actions State Attorneys General are not explicitly authorized to bring actions However, new HHS regulations may bolster existing or create new theories under state laws e.g.,., state unfair or deceptive trade practice (e.g laws)

Private Remedies No private right of action under HIPAA in Federal court HHS has established procedures for the filing of complaints

Private Remedies (cont d( cont d) Even though HIPAA has no private right of action for individuals to sue in state court, HIPAA may establish national standard of care for data privacy and security practices In some states, courts may recognize a private right of action under common law theories

Internal Sanctions Covered entities must develop and apply sanctions for failure to abide by company policies and/or the HIPAA regulations Range: warning to termination. Sanctions should apply to covered entity s employees and business partners

Conclusion Civil sanctions are modest -- and HHS vows a cooperative approach Criminal penalties are stiff -- and discretion lies with DOJ Suits under State law-- either by Attorneys General or private parties -- could be significant (even without HIPAA private right of action)

Conclusion (cont d( cont d) As with fraud and abuse compliance, comprehensive programs (with support at all levels within the organization) can reduce exposure and risk

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback