On May 10, 2017, the US Department of Health & Human Services (HHS) announced a settlement with Texas-based Memorial Hermann Health System (MHHS) for $2.4 million due to MHHS’s unauthorized disclosure of patient protected health information (PHI). HHS also announced that HHS and MHHS entered into a Resolution Agreement, and MHHS agreed to a corrective action plan.
HIPAA / Health Privacy & Security
Arent Fox began advising clients in matters involving the privacy and security of health information long before the final promulgation of the Privacy and Security Standards under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). In fact, we represented clients before Congress and HHS throughout the negotiations of the Administrative Simplifications Provisions of HIPAA and the crafting of the final regulations. We also developed a comprehensive model HIPAA compliance program that enables health care providers to implement the Federal Privacy Standards in a systematic and efficient manner.
Given the depth of our HIPAA experience, we are uniquely positioned to provide our clients with a comprehensive, cost-effective means to incorporate new HIPAA and HITECH requirements into existing compliance programs, assess their obligations under the new data breach notification requirements, and unravel the complex HIPAA issues that frequently arise in the context of clinical research. Clients facing a HIPAA enforcement action can turn to Arent Fox with confidence knowing that one of our attorneys was involved in the resolution of the largest HIPAA enforcement case to date.
On March 27, 2017, Rachel Yount attended the Health Care Compliance Association’s Compliance Institute 2017, where Iliana Peters, a senior advisor at Health and Human Services, Office for Civil Rights (“OCR”), provided an “OCR Enforcement Update.”
A recent decision from the Fourth Circuit Court of Appeals in Beck v. McDonald, 848 F.3d 262 (4th Cir. 2017), adds to the list of circuit courts of appeal that have held that the mere threat of future harm resulting from a data breach, without more, is insufficient to satisfy the injury-in-fact requirement for Article III standing.
For the first time in nearly three decades, the Substance Abuse and Mental Health Services Administration (SAMHSA) has updated the regulations on the confidentiality of substance abuse treatment records found in 42 C.F.R. Part 2 (the Part 2 Regulations).
An Austrian hotel was a recent victim of a “ransomware” computer attack that disabled its electronic room key system and locked up its own computers; the incident follows ransomware attacks on hospitals. These attacks demonstrate that hospital administrators should make sure that IT agreements adequately address the risks of cyberattacks. The lesson is especially important for health care institutions, where ransomware causes great harm because it makes patient and other records unavailable at the very time they are required for ongoing medical care.
ABOUT ARENT FOX LLP
Arent Fox LLP, founded in 1942, is internationally recognized in core practice areas where business and government intersect. With more than 350 lawyers, the firm provides strategic legal counsel and multidisciplinary solutions to clients that range from Fortune 500 corporations to trade associations. The firm has offices in Los Angeles, New York, San Francisco, and Washington, DC.