Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- Department of Health and Human Services' Office of Civil Rights
- Medical Residents
- DEI
- Medical Cannabis
- SB 47
- Workplace Violence
- Assisted Living Facilities
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- Medical Spas
- medical billing
- No Surprises Act
- Mandatory vaccination policies
- Workplace health
- Coronavirus Aid, Relief and Economic Security Act
- Code Enforcement
- Department of Labor ("DOL")
- Employment Law
- FFCRA
- CARES Act
- Nursing Home Reform Act
- Acute Care Beds
- Clinical Support
- Coronavirus
- COVID-19
- Emergency Medical Services
- Emergency Preparedness
- Families First Coronavirus Response Act
- Family and Medical Leave Act (“FMLA”)
- KBML
- medication assisted therapy
- SB 150
- Department of Health and Human Services
- Legislative Developments
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Opioid Epidemic
- Sexual Harassment
- Health Resource and Services Administration
- Litigation
- Medical Malpractice
- House Bill 333
- Senate Bill 79
- Locum Tenens
- Senate Bill 4
- Physician Prescribing Authority
- Chronic Pain Management
- HIPAA
- Prescription Drugs
- "Two Midnights Rule"
- 340B Program
- EHR Systems
- Electronic Health Records (“EHR")
- Hospice
- ICD-10
- Kentucky minimum wage
- Minimum wage
- Primary Care Physicians ("PCPs")
- Skilled Nursing Facilities (“SNFs”)
- Uncategorized
- Affordable Insurance Exchanges
- Certificate of Need ("CON")
- Compliance
- Department of Health and Human Services (HHS)
- Drug Screening
- Federally Qualified Health Centers (“FQHCs”)
- Fraud
- Health Care Fraud
- HIPAA Risk Assessment
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Pharmacists
- Physician Assistants
- Qui Tam
- Rural Health Centers (“RHCs”)
- Stark Laws
- Telehealth
- Urinalysis
- Accountable Care Organizations (“ACO”)
- Affordable Care Act
- Alternative Payment Models
- American Telemedicine Association (“ATA”)
- Anti-Kickback Statute
- Centers for Medicare & Medicaid Services (“CMS”)
- Charitable Hospitals
- Criminal Division of the Department of Justice (“DOJ”)
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Fee for Service
- Health Care Fraud Prevention and Enforcement Action Team (“HEAT”)
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Kentucky Board of Nursing
- Limited Services Clinics
- Medicaid
- Medical Staff By-Laws
- Medically Underserved Area ("MUA")
- Medicare
- Mid-Level Practitioners
- Part D
- Patient Protection and Affordable Care Act (“ACA”)
- Qualified Health Care Centers (“FQHC”)
- Rural Health Clinic
- Telemedicine
- APRNs
- Chain and Organization System (“PECOS”)
- Hydrocodone
- Kentucky Pharmacists Association
- United States ex. Rel. Kane v. Continuum Health Partners
- Webinar
- 2014 Medicare Physician Fee Schedule (“PFS”)
- 501(c)(3)
- Agreed Order
- All-Payer Claims Database ("APCD")
- Chiropractic services
- Chronic Care Management
- Clinical Laboratory Improvement Amendments of 1988 (“CLIA”)
- Compliance Officer
- CPR
- Douglas v. Independent Living Center of Southern California
- Drug Enforcement Agency ("DEA")
- Emergency Rooms
- Enrollment
- Essential Health Benefits
- Hinchy v. Walgreen Co.
- ICD-9
- Jimmo v. Sebelius
- Kentucky Senate Bill 7
- Maintenance Standard
- Medicare Part D
- Minors
- Ophthalmological services
- Overpayments
- Physician Compare website
- Re-validation
- Sustainable Growth Rate (“SGR”)
- Texting
- Vitas Innovative Hospice Care
- "Plan of Correction"
- Affinity Health Plan
- Appeal
- Arbitration
- Cadillac tax
- Centers for Disease Control and Prevention
- Community health needs assessment (“CHNA”)
- Compounding
- Condition of Participation ("CoP")
- Daycare centers
- Decertification
- Denied Claims
- Department of Medicaid Services’ (“DMS”)
- Dispenser
- Division of Regulated Child Care
- Drug Quality and Security Act (“DQSA”)
- EHR vendor
- Employer Mandate
- Fair Labor Standards Act (FLSA)
- Federation of State Medical Boards (“FSMB”)
- Food and Drug Administratio
- Form 4720
- Grace Period
- Health Professional Shortage Areas (“HPSA”)
- HealthCare.gov
- Home Health Prospective Payment System
- Home Medical Equipment Providers
- Hospitalists
- House Bill 3204
- Individual mandate
- Inpatient Care
- Intermediate Sanctions Agreement
- Kentucky Health Benefit Exchange
- Kentucky Medical Practice Act
- Kindred v. Cherolis
- Kynect
- Licensed practical nurses (LPN)
- Licensure Requirements
- LLC v. Sutter
- Long-term care communities
- Long-Term Care Providers ("LTC")
- Low-utilization payment adjustment ("LUPA")
- Meaningful use incentives
- Medicare Administrative Coordinators
- Medicare Benefit Policy Manual
- Medicare Shared Saving Program (MSSP)
- Mobile medical applications ("apps")
- Model Policy for the Appropriate Use of Social Media and Social Networking in Medical Practice (“Model Policy”)
- National Drug Code ("NDC")
- National Institutes of Health
- Network provider agreement
- New England Compounding Center ("NECC")
- Nonprofit hospitals
- Nonroutine medical supplies conversion factor (“NRS”)
- Nurse practitioners (NP)
- Office of the National Coordinator for Health Information Technology (“ONC”)
- Outsourcing facility
- Part A
- Part B
- Payors
- Personal Service Entities
- Physician Payments
- Physician Recruitment
- Physician shortages
- Ping v. Beverly Enterprises
- Power of Attorney ("POA")
- Prescriber
- Qualified Health Plan ("QHP")
- Quality reporting
- Registered nurses (RN)
- Residency Programs
- Social Media
- Spousal coverage
- State Health Plan
- Statement of Deficiency ("SOD")
- Upcoding
- UPS
- “Superuser”
- Advanced Practice Registered Nurses
- Audit
- Autism/ASD
- Business Associate Agreements
- Business Associates
- Call Coverage
- Compliance Programs
- Doe v. Guthrie Clinic
- Employer Group Health Plans
- ERISA
- False Billings
- Genetic Information Nondiscrimination Act ("GINA")
- Group Purchasing Organizations ("GPO")
- Health Reform
- House Bill 104
- Kentucky House Bill 159
- Kentucky House Bill 217
- Kentucky Primary Care Centers (“PCCs”)
- List of Excluded Individuals and Entities
- Managed Care Organizations (“MCOs”)
- Medicare Audit Improvement Act of 2012
- Patient Autonomy
- Patient Privacy
- Personal Health Information
- Provider Self Disclosure Protocol
- Recovery Audit Contractors (“RAC”)
- Self-Disclosure Protocol
- Senate Bill 39
- Senate Finance Committee Report
- State Medicaid Expansion
- Trade Association Group Coverage
- Abuse and Waste
- Center for Disease Control
- Consumer Operated and Oriented Plan programs (“CO-OPS”)
- Critical Access Hospitals (“CAHs”)
- Essential Health Benefits (“EHBs”)
- Free Conference Committee Report
- Healthcare Information and Management Systems Society (HIMSS)
- House Bill 1
- House Bill 4
- Kentucky Cabinet for Health and Family Services
- Kentucky Health Care Co-Op
- Kentucky Health Cooperative (“KYHC”)
- Kentucky “Pill Mill Bill”
- Occupational Safety and Health Administration (“OSHA”)
- Pain Management Facilities
- Small Business Health Options Program (“SHOP”)
- Sunshine Act
- Employee Agreement
- Health Care Fraud and Abuse Control Program
- Health Care Law
- Health Insurance
- Healthcare Regulation
McBrayer Blogs
Health Care Industry Familiar with HIPAA Breaches, Not So Much Hackers
Community Health Systems (“Community”), which operates 206 hospitals in 29 states, recently notified 4.5 million of its patients that online hackers had stolen personal data information from its systems in a period between April and June 2014. The data included names, addresses, birthdates, telephone numbers and Social Security numbers—all of which are protected under HIPAA. According to Community, the data did not include financial or medical information.
It has been reported that the hackers responsible for the attack are a group of cybercriminals from China that traditionally go after intellectual property, including medical device and equipment development data. They used malicious software to obtain the data, which has since been removed by Community from the network. Further remedial efforts are already underway, including notifying affected patients and offering them identity theft protection services.
Hospitals should be accustomed to protecting data against privacy breaches as part of their HIPAA obligations, but outright cybertheft is a threat that many providers have not likely considered. The FBI, which is now investigating the Community incident, said in April that health care providers typically do not use the same high levels of security technology as companies in other industries (such as banking or retail). This makes providers an easy target for hackers. If a leading hospital system like Community can be breached, then hospitals of every size are at risk.
It is crucial that HIPAA-covered entities (and their business associates) understand and identify potential threats to their secured information. The importance of HIPAA risk analysis cannot be stressed enough; in fact, a risk analysis is required as the first step in HIPAA Security Rule compliance. While it may be impossible to build an impenetrable fortress of secured online information, it is evident that health care providers must continue to make it a top priority to protect patient records – both from HIPAA breaches and hackers.
Christopher J. Shaughnessy is a member at McBrayer law. Mr. Shaughnessy concentrates his practice area in healthcare law and is located in the firm’s Lexington office. He can be reached at cshaughnessy@mcbrayerfirm.com or at (859) 231-8780, ext. 1251.
Services may be performed by others.
This article does not constitute legal advice.
