elevating law in evansville, in

phone: (812) 402-1600

Find Us On Find Us On Facebook

Environmental

We have extensive experience with the following areas: Petroleum, Litigation, Real Estate and more.

Read More
Labor

We advise business in the following areas: Employee Benefits, Litigation, Business Advisory and more.

Read More
Real Estate

For those seeking counsel in real estate matters, our areas of expertise include: Construction, Development, Land Use, Litigation and more.

Read More
Private

We handle many private matters for individuals, including: Adoption, Custody, Divorce, Domestic Partnership, Estate Planning and more.

Read More
Criminal

Every criminal case is a serious matter. There are lifelong consequences for any person accused or convicted of committing a crime.

Read More
Personal

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Products

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Civil Rights

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Health

As a part of the "American Recovery and Reinvestment Act of 2009" a civil penalty structure was put in place for Health Insurace Portability and Asccountability Act (HIPAA) violations.

Read More
Government

Our experience uniquely qualifies us to advise in governmental issues: Annexation, Associations/Non-Profits, Cities, Towns, & Counties, Colleges & Universities, Economic Development, Elections and more.

Read More
Business

We provide legal advice for businesses in the following areas: Agribusiness Energy, Diversified Businesses, Emerging Businesses, Federal & State Tax, Finance, and more.

Read More
Probate

Probate is the court procedure by which a decedent’s property is administered for the purpose of passing ownership of assets remaining in the decedent’s name at his/her death.

Read More
Litigation

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More

HEALTHCARE LAW NEWS - VOLUME 92

Posted: March 16, 2016

I WANT SOMBODY ELSE’S MEDICAL RECORDS

What happens when someone asks your office or hospital for medical records not their own? This can happen either through governmental investigations or when someone presents a power of attorney or Healthcare Directive form.

Government investigations, including subpoenas or Requests for Production of Documents, should be referred to your counsel immediately. Proper response to investigative subpoenas or a request for records requires immediate and thoughtful review.

On a daily basis, it may be more common for you to be dealing with persons requesting or demanding medical records of others and claiming to act as a healthcare power holder or under a power of attorney. Are these requests valid?

The rise of internet legal providers has resulted in many persons having ineffective or inadequate powers of attorney or Healthcare Directives. When these are referred to me for review, I often find them incomplete, misdrawn (limited in scope or not applicable to the current status of the person for whom the power is prepared) or prepared under the wrong state law.

The problem with these inadequate and defective healthcare powers is that if you provide information based upon an improperly drawn power, you face not only liability to the person whose records you’ve improperly released, but also HIPAA and other privacy law violations.

HOW DID HE EVER GET CAUGHT?

Texas anesthesiologist, Richard Toussaint, Jr. was recently convicted in Texas on seven counts of fraud for false claims from 2009 – 2010. The amount involved was approximately $10 Million. Apparently, Dr. Toussaint falsely claimed personal supervision of anesthesia by CNA’s on occasions when he was:

  • Out of state;
  • On his private jet; and
  • While he was undergoing surgery himself.

Reportedly, Dr. Toussaint faces ten years in prison, millions in fines, and his collection of Bentleys and Rolls-Royces are at risk for seizure.

HOW MUCH SECURITY IS ENOUGH?

HIPAA, and some state laws, require you to implement security safeguards to protect PHI. Sounds reasonable, but what is a reasonable amount of data security?

Usually, this question is raised when there has been a breach and CMS, or some state regulator, is considering how much to fine your organization because you did not have reasonable security. California, and other states, are beginning to address this question. California suggests that there are twenty security controls that represent the minimum level of security that organizations with PHI should meet. California’s approach is that you must have all twenty to meet the minimum standard. The list of the twenty controls are:

  1. Inventory of Authorized and Unauthorized Devices
  2. Inventory of Authorized and Unauthorized Software
  3. Security Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
  4. Continuous Vulnerability Assessment and Remediation
  5. Controlled Use of Administrative Privileges
  6. Maintenance, Monitoring, and Analysis of Audit Logs
  7. Email and Web Browsing Protection
  8. Malware Defenses
  9. Limitation and Control of Network Ports, Protocols, and Services
  10. Data Recovery Capability
  11. Secure Configurations for Network Devices such as Firewalls, Routers, and Switches
  12. Boundary Defense
  13. Data Protection
  14. Controlled Access Based on the Need to Know
  15. Wireless Access Control
  16. Account Monitoring and Control
  17. Security Skills Assessment and Appropriate Training to Fill Gaps
  18. Application Software Security
  19. Incident Response and Management
  20. Penetration Tests and Red Team Exercises

Do you have all 20 controls listed? Should you?

This newsletter is edited by Paul Wallace of Jones ∙ Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years.  Mr. Wallace assists physicians, practices and hospitals in contract items, federal legal compliance, practice entity creation, estate and wealth planning and similar issues.  Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or pwallace@joneswallace.com.