elevating law in evansville, in

phone: (812) 402-1600

Find Us On Find Us On Facebook

Environmental

We have extensive experience with the following areas: Petroleum, Litigation, Real Estate and more.

Read More
Labor

We advise business in the following areas: Employee Benefits, Litigation, Business Advisory and more.

Read More
Real Estate

For those seeking counsel in real estate matters, our areas of expertise include: Construction, Development, Land Use, Litigation and more.

Read More
Private

We handle many private matters for individuals, including: Adoption, Custody, Divorce, Domestic Partnership, Estate Planning and more.

Read More
Criminal

Every criminal case is a serious matter. There are lifelong consequences for any person accused or convicted of committing a crime.

Read More
Personal

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Products

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Civil Rights

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More
Health

As a part of the "American Recovery and Reinvestment Act of 2009" a civil penalty structure was put in place for Health Insurace Portability and Asccountability Act (HIPAA) violations.

Read More
Government

Our experience uniquely qualifies us to advise in governmental issues: Annexation, Associations/Non-Profits, Cities, Towns, & Counties, Colleges & Universities, Economic Development, Elections and more.

Read More
Business

We provide legal advice for businesses in the following areas: Agribusiness Energy, Diversified Businesses, Emerging Businesses, Federal & State Tax, Finance, and more.

Read More
Probate

Probate is the court procedure by which a decedent’s property is administered for the purpose of passing ownership of assets remaining in the decedent’s name at his/her death.

Read More
Litigation

Since 1976, our litigators have effectively and efficiently represented clients in federal and state courts in business litigation, municipal law, employment law, personal injury and a variety of complex litigation.

Read More

HEALTHCARE LAW NEWS - VOLUME 89

Posted: January 28, 2016

TWO MIDNIGHT RULE FIGHT

Law suits continue with HHS under its Two-Midnight Rule, that has resulted in reimbursement cuts for hospitals. Fifty more hospitals have filed or joined in law suits that call the HHS’s rule, its enforcement, and the financial estimates used in the rule as arbitrary and capricious.

MY RIGHT TO MY DATA

Federal and state laws, including HIPAA, not only are intended to provide privacy safe guards for patient data, but also often include provisions that give patients rights to access their PHI. OCR released an FAQ document and a facts sheet intended to bring attention to patient rights to access their healthcare information. It will be interesting to see how hospitals and insurers react to the OCR initiative to allow patients to look at their own information and help insure its accuracy and truthfulness.

FAQ’s and other guidance with regard to patient PHI access rights add details. In addition to state law requirements, HIPAA specifically requires covered entities to provide individuals upon their request with access to PHI about them in one or more “designated record sets”. Patient rights include inspection, copying, or both, as well as the right to direct a covered entity to transmit a copy to another person or entity.

     Designated records sets include:

  • Medical records and billing records about individuals;
  • Enrollment, payment, claims adjudication and case or medical record management systems maintain by or for a health plan;
  • Other records that are used by a covered entity to make decisions about individuals. This includes records that are used to make decisions about any individuals whether or not the records have been used to make a decision about the particular individual requesting access;
  • Records include any item collection or grouping of information that includes PHI and has been maintained, collected, used, or disseminated by a covered entity.

     The only information excluded is:

  • Quality assessment and improvement records, patient safety activity records, business planning, etc. Another example would a hospital’s peer review files.
  • Psychotherapy notes, etc.
  • Information compiled with a reasonable expectation of use in litigation

Note that the individual also has the right to access PHI about themselves in a designated record set maintained by a business associate on behalf of a covered entity. This means, that if you have business associates (BA) serving you, which have PHI about your patient set, an access request to you must also be transmitted to your business associate, and such information from the BA must be included in your response. Note that this information includes the right to access genomic information from a critical lab.

Usually, there must be a response to a PHI access request within thirty days after receipt of a request.

Finally, avoid unreasonable measures. You may not require a person requesting their PHI to appear personally at your office to sign forms to request their information be mailed to them. Nor may you require use of a web portal. Nor may you require that they be mailed if an individual is willing to pick them up. You may also not require the requester to state why they want the information. As the HIPAA Rule makes clear, the PHI is the patients and not the medical providers.

IU HEALTH LAFAYETTE DATA BREACH

Apparently, a USB flash drive containing health information for more than 29,000 patients was lost at Indiana University Health, in Lafayette, Indiana. Reportedly, the patient information did not include SSNs or credit card data. IU Health indicates that they have not yet received any indication of fraudulent use of any patient data. As is usual in these cases, the USB flash drive was not encrypted.

We continue to suggest that all portable devices which can hold PHI be encrypted whether on a flash drive, thumb drive, laptop, tablet, phone, or any similar device.

This newsletter is edited by Paul Wallace of Jones ∙ Wallace, LLC, a member of the American Bar Association Healthcare Law Section and the American Health Lawyers Association who has been representing physicians and healthcare practices for over 25 years.  Mr. Wallace assists physicians, practices and hospitals in contract items, federal legal compliance, practice entity creation, estate and wealth planning and similar issues.  Please feel free to call if you have any questions on this newsletter or legal matters at (812) 402-1600 or pwallace@joneswallace.com.