Monday, August 14, 2017

Attempting To Avoid The High Cost Of A Reported HIPAA Breach

By: Kimberly Ruppel and Billee Lightvoet Ward

Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are not enough to avoid a potentially costly penalty or settlement amount in the event of a breach. In order to defend against assessment of civil money penalties or a negotiated settlement payment, it is important to develop and implement policies, and to train personnel relating to those policies. Such measures are also required to comply with the terms of most cybersecurity insurance policies, or risk a carrier’s denial of coverage at a time when it may be needed the most.

In the last 24 months, 349 breaches of unsecured protected health information affecting 500 or more individuals have reported to the Secretary of the Department of Health and Human Services, Office for Civil Rights. Nearly 175 of those breaches occurred in 2017 alone, affecting over 3.2 million individuals in just seven months. From January to July this year, the OCR entered into settlement resolutions related to reported HIPAA breaches for a combined total of approximately $17 million. In 2016, the OCR entered into settlement agreements requiring payment of approximately $48.2 million to resolve reported breaches.

Three of the largest settlement amounts paid this year resulted from failure to develop and implement policies to prevent, report and correct breaches. In February, OCR announced that Memorial Healthcare System paid $5.5 million and agreed to implement a corrective plan to terminate former users’ right of access and to review records of system activity. In April, OCR announced that CardioNet paid $2.5 million and agreed to a corrective plan involving risk analysis and risk management procedures designed to address the possibility of theft. In May, OCR announced that Memorial Hermann Health System agreed to pay $2.4 million and adopt a corrective action plan implementing training of its workforce on impermissible use of PHI.

These outcomes demonstrate the importance of being proactive and implementing policies concerning preventing and responding to a breach whether from a malicious external attack or an inadvertent human error from within. Educating and training personnel to recognize whether and how a breach has occurred and how to respond appropriately are important risk management elements of any cybersecurity plan. Executives and employees alike need to be informed about who is authorized to access PHI, what to do if PHI is disclosed, and how to take swift, corrective action, including self-reporting, in the event of a breach.

If a breach occurs, your defense to potential litigation or government penalties will be stronger, and likely the financial impact will be lesser (including the possibility of insurance coverage), with these measures in place. Counsel with the benefit of understanding these steps will help you navigate potential pitfalls. If you have questions about whether your policies are adequate or in need of updating, please contact the authors for assistance.


For more information, please contact:
Kimberly J. Ruppel
(Member, Troy) can be reached at 248.433.7291 or kruppel@dickinsonwright.com.

Billee Lightvoet Ward (Of Counsel, Grand Rapids) can be reached at 616.336.1008 or bward@dickinsonwright.com.


If you would like a printable version of this insurance/healthcare client alert, click here.

Monday, July 24, 2017

Cyndi Moore Participated in "What’s Driving Health Care Costs in America" Roundtable Discussion

Federal lawmakers need to focus on what’s driving health care costs in America that in turn contributes to the rising cost of health coverage.  That’s according to a group of health care industry executives who gathered for a recent roundtable conversation organized by MiBiz. They also said that health care needs more cost transparency and consumerism.


Participating in the roundtable was Cynthia Moore, Member and Practice Department Manager: Domestic Relations, Employee Benefits, Estate Planning, Gaming and Immigration, Troy, Dickinson Wright PLLC.  The following are highlights of the discussion featuring Cyndi Moore's responses.

What are employers to make of what Congress is doing right now on health care?

The way I look at the bills is they’re just kind of tinkering on the fringes of what the problem is, which is the cost of care and the cost of claims. There was some truth, some legitimacy, to the Democrat argument. This really is a giant tax cut funded by huge cuts to Medicaid over the long term, which is very concerning and it doesn’t address access and affordability. A lot of that, I think, is driven by the fact that this is being enacted through the reconciliation process, so they can’t really look at this on a global basis, which is really what they should be doing.

In the discussion of health and health care, does America need a little bit of tough love?

"As long as it’s coupled with the ability to make an informed health care decision. If we have those transparency tools so people can make an informed decision — and it would be great if those could be coupled with some measure of quality of care — if we could see both the cost and the quality coupled together, it’d be like consumer corporate health care and it would be fabulous".


What’s the single biggest misunderstanding about health care and health insurance?


"Every time you add a benefit, the cost goes up. So what do we want our insurance to be? What should it be? Should it only be for catastrophic or major things? Should people really be expected to pay some of these costs from their own pocket? It’s a conundrum".

Let’s tackle that question. What should health insurance be?

"I guess I liked it when it was just covering more of the catastrophic illnesses and injuries and maybe a small component of preventative services. Maybe you get $500 a year or something to go get your physical and deal with things, but the rest of it, I mean, you ought to be thinking about, ‘I have to write a check for this. I’m going to go get this service.’ Less benefits are going to lead to less cost and less premiums".


For more information, please contact Cynthia A. Moore, in our Troy office at 248-433-7295.

Friday, July 14, 2017

“Managing Your Managed Care Contracts: What You Need To Know” On Demand Webinar


Peter Domas presented an informative webinar designed to help you understand how to better manage the contracts at your long term care facility. With a new administration in Washington, D.C. there are a wide variety of changes coming to Medicare, Medicaid, and other payment models and services that will impact your facility. This one-hour dynamic webinar will cover:

·         Contentious contracts -- what should you really be fighting for?

·         Reimbursements 101 -- what's appropriate, what's not

·         Who is keeping track of all the contracted services at your facility?

Be sure to join us for this informative "On Demand" webinar. Dickinson Wright's Peter Domas will lead the discussion with helpful hints to understand the important relationship between the managed care contract and the vendors providing the services.
 
Please click here to begin the recorded webinar.
 
 

Friday, July 7, 2017

"Blessings in Disguise: The Hidden Opportunities of Healthcare Bankruptcies" Webinar

With the changes in the healthcare reimbursement and regulatory environment, it is all but certain we will see an increase in the number of distressed healthcare entities over the next few years.  Whether your organization is doing well, or underperforming, there are significant opportunities in this uncertain time.  The team at Dickinson Wright advises healthcare entities across the full spectrum of financial performance, and whether you are concerned about your organization’s financial sustainability, or are seeking opportunities to expand operations through acquisition of distressed entities, we have developed strategies to maximize your organization’s goals. 

Please join Carolyn (CJ) Johnsen and Peter Domas on Thursday, July 13, 2017, at 2:00 p.m. EDT for a well-rounded and interactive discussion on leveraging opportunities with distressed healthcare entities.  Key takeaways include:
·       Identify risks and opportunities over the next 3 to 5 years facing healthcare entities.
·     Learn strategies available to distressed healthcare entities seeking to regain sustainability.
·      Understand and mitigate risks unique to acquiring distressed healthcare entities.
 
Please register here today!
The webinar is complimentary but registration is required. We're looking forward to your participation!


Ms. Johnsen's experience includes creating complex plans of reorganization for multi-million dollar companies in a wide-range of industries, including mortgage lending, real estate, manufacturing, retail, refining, hospitality, aviation and energy-related. Ms. Johnsen has advised private and public corporations in formulating and implementing managerial, personnel and operational structures. She has also guided numerous boards and senior managers in developing strategies and solutions for revising operations and restructuring debt to effectuate the emergence of a stronger business through bankruptcy, or to take advantage of acquisition and sale opportunities, including the application of bankruptcy procedures favorable to corporate securities regulation compliance. In addition, Ms. Johnsen has negotiated multiple multi-million dollar transactions with lenders, investment bankers and brokers, asset purchasers and sellers, and governmental agencies. She may be reached in  our Phoenix office at 602-285-5040.

Peter Domas is Of Counsel at Dickinson Wright. Peter’s practice is devoted to representing clients in the healthcare industry, and assisting them in navigating the complex statutory and regulatory environment unique to healthcare corporate, transactional, and litigation matters. Peter also counsels clients on the development and maintenance of effective internal compliance programs with a special focus on federal and state fraud and abuse laws, reimbursement regulations, and HIPAA.  Prior to entering the practice of law, Peter directed the Midwest's contract compliance audit operations for a national service company whose clients included numerous national, local and government insurance providers. Peter is also a Certified Public Accountant in both Michigan and Illinois. Peter may be reached in our Troy office at 248-433-7595.