Disclaimer
This publication is designed to provide general information on pertinent legal topics. The statements made are provided for educational purposes only. They do not constitute legal or financial advice nor do they necessarily reflect the views of Holland & Hart LLP or any of its attorneys other than the author. This publication is not intended to create an attorney-client relationship between you and Holland & Hart LLP. Substantive changes in the law subsequent to the date of this publication might affect the analysis or commentary. Similarly, the analysis may differ depending on the jurisdiction or circumstances. If you have specific questions as to the application of the law to your activities, you should seek the advice of your legal counsel.
Handling HIPAA Breaches: Investigating, Mitigating and Reporting
in HIPAA, by Kim Stanger
HIPAA privacy and security violations can result in fines of $110 to $55,100 to covered entities (including healthcare providers and health plans) and their business associates. (45 CFR 160.404). If the violation resulted from “willful neglect”, the Office for Civil Rights (“OCR”) must impose a mandatory fine of $11,002 to $55,100. (45 CFR 160.404). To make matters worse, covered entities and their business associates must self-report breaches of unsecured protected health information (“PHI”) to the affected individual and to HHS (45 CFR 164.400); failure to do so may constitute “willful neglect” resulting in mandatory fines. The good news is that the OCR may not impose a fine so long as the covered entity or business associate did not act with “willful neglect” and corrected the problem within 30 days. (45 CFR 160.410(b)).
Responding to Possible Breaches. Given the potential consequences, it is critical that covered entities and business associates respond appropriately to potential HIPAA breaches to avoid or minimize their liability. Below are steps that you may follow to help identify and timely respond to HIPAA breaches.
Producing Records of Other Providers
in Consent, Health Information, Healthcare Law, HIPAA, Idaho Healthcare Law, by Kim Stanger
There is a common misunderstanding that healthcare providers may not or should not produce medical records that were created by another healthcare provider.
Under HIPAA, patients have a right to access all records that a provider maintains in a designated record set, i.e., documents the provider uses to make decisions about a patient’s healthcare or payment for healthcare. (45 CFR 164.524). This would generally include records the provider obtains or receives from other providers relating to the patient’s care. Thus, providers generally must produce such records in response to the patient’s request; failure to do so would violate HIPAA. The OCR published the following FAQ relevant to this issue:
A provider might have a patient’s medical record that contains older portions of a medical record that were created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to disclose a complete medical record even though portions of the record were created by other providers?
Answer: Yes, the Privacy Rule permits a provider who is a covered entity to disclose a complete medical record including portions that were created by another provider, assuming that the disclosure is for a purpose permitted by the Privacy Rule, such as treatment.
Idaho Fraud and Abuse Statutes: Requirements, Penalties and Repayments
in Fraud and Abuse, Healthcare Law, Idaho Healthcare Law, by Kim Stanger
Most Idaho healthcare providers are—or should be—aware of federal fraud and abuse laws, including the False Claims Act, Anti-Kickback Statute, Ethics in Patient Referrals Act (“Stark”), and the Civil Monetary Penalties Law, but they may not realize that Idaho has its own fraud and abuse laws that also apply. Violations may result in criminal, civil, and administrative penalties in addition to the obligation to repay amounts received in violation of the rules and provider agreement.
1. Idaho Anti-Kickback Statute. It is illegal for a health care provider to engage in the following misconduct:
(1)(a) Knowing that the payment is for the referral of a claimant to a service provider, either to accept payment from a [healthcare] provider or, being a [healthcare] provider, to pay another; or
(b) To provide or claim or represent to have provided services to a claimant, knowing the claimant was referred in violation of paragraph (a); [or]
(2) [E]ngage in a regular practice of waiving, rebating, giving, paying, or offering to waive, rebate, give or pay all or part of a claimant’s deductible or claim for casualty, disability insurance, worker’s compensation insurance, health insurance or property insurance.
(Idaho Code § 41-348). The statute applies to referrals for “health care services”, which are defined as “a service provided to a claimant for treatment of physical or mental illness or injury arising in whole or substantial part from trauma.” (Id. at § 41-348(2)). Violations may result in civil monetary penalties of up to $5,000. (Id. at §§ 41-348(4) and 41-347(1)). Significantly, the Idaho statute is broader than its federal counterpart: it applies to services payable by private payers as well as government programs.
Sports and Student Physicals: Legal Issues
in Hospitals & Health Systems, Physician Practices, by Kim Stanger
It’s that time of year when many healthcare providers offer free or discounted sports or student physicals as a community service or marketing ploy. If you participate in such programs, make sure you consider the legal issues, including the following:
Paying Hospital-Employed Physicians for Services Performed by Others
in Reimbursement & Collections, by Kim Stanger
The Ethics in Patient Referrals Act (“Stark”) prevents hospitals from paying employed or contracted physicians in the same way that physicians are or were paid by independent physician groups. Specifically, physician groups may generally pay physicians a share of the profits from services performed by others, but hospitals may not pay physicians in a way that varies with the volume or value of referrals for certain services payable by Medicare or Medicaid, which usually precludes paying physicians a share of profits or a percentage of fees for services referred or ordered by the physician but performed by others.
Stark Requirements. Per Stark, if a physician (or a member of the physician’s family) has a financial relationship with an entity, the physician may not refer patients to that entity for certain designated health services payable by Medicare or Medicaid unless the financial arrangement is structured to fit within a regulatory safe harbor. (42 USC § 1395dd; 42 CFR § 411.353). Under Stark’s “group practice” safe harbors, physician groups that qualify as a “group practice” may pay physician group members based on services the physician personally performs, services billed “incident to” the physician’s personally performed services, or, subject to certain limits, a portion of the overall profits of the group, including profits from services derived from services performed by others. (See 42 CFR §§ 411.353 and 411.355(a)-(b)). These “group practice” safe harbors are not available to physicians who are employed by the hospital.