“You have to stay in shape. My grandmother started walking five miles a day when she was 60. She’s 97 today and we don’t know where the hell she is.”
— Ellen DeGeneres
Top Story
Life Hope, LLC just suffered an extremely preventable HIPAA breach. They are now reaping severe repercussions. A breach like this can happen extremely easily. You could be the next provider to suffer from the same breach. Continue reading to see an example of an HHS agreement on how to handle a HIPAA breach.
What is New?
A review by the HHS can take place to look into compliance of Privacy, Security, and Breach Notification Rules following a complaint. Covered entities and business associates are subject to a review, and must comply with the investigation. Life Hope Labs, LLC (“Life Hope Labs”), a covered entity is required to comply with the HIPAA Rules.
The Background
On August 24, 2021, OCR received a complaint against Life Hope Labs. The complaint stated that Life Hope Labs did not provide the victim with a copy of the patient’s medical records after a request for access was made in July. The records were not sent until February 16, 2022, 225 days after the request.
What HHS Had to Say
- “This Agreement is not an admission of liability by Life Hope Labs.”
- “This Agreement is not a concession by HHS that Life Hope Labs is not in violation of the HIPAA Rules and not liable for civil money penalties.”
- “This Agreement is intended to resolve HHS Transaction Number: 04-21-439775 and any violations of the HIPAA Rules related to the Covered Conduct specified in paragraph I.2 of this Agreement. In consideration of the Parties’ interest in avoiding the uncertainty, burden, and expense of formal proceedings, the Parties agree to resolve this matter according to the Terms and Conditions below.”
The Agreed Upon Terms
- “HHS has agreed to accept, and Life Hope Labs has agreed to pay HHS, the amount of $16,500.” “Life Hope Labs agrees to pay the Resolution Amount on the Effective Date of this Agreement”
- “Life Hope Labs has entered into and agrees to comply with the Corrective Action Plan”
- “If Life Hope Labs breaches the CAP, and fails to cure the breach as set forth in the CAP, then Life Hope Labs will be in breach of this Agreement and HHS will not be subject to the Release set” in #4.
- “In consideration of and conditioned upon Life Hope Labs’s performance of its obligations under this Agreement, HHS releases Life Hope Labs from any actions it may have against Life Hope Labs under the HIPAA Rules arising out of or related to the Covered Conduct”. “HHS does not release Life Hope Labs from, nor waive any rights, obligations, or causes of action other than those arising out of or related to the Covered Conduct and referred to in this paragraph. This release does not extend to actions that may be brought under section 1177 of the Social Security Act”.
- “Life Hope Labs shall not contest the validity of its obligation to pay, nor the amount of, the Resolution Amount or any other obligations agreed to under this Agreement. Life Hope Labs waives all procedural rights granted under Section 1128A of the Social Security Act”. Also, “HHS claims collection regulations at 45 C.F.R. Part 30, including, but not limited to, notice, hearing, and appeal with respect to the Resolution Amount.”
- “This Agreement is binding on Life Hope Labs and its successors, heirs, transferees, and assigns.”
- “Each Party to this Agreement shall bear its own legal and other costs incurred in connection with this matter, including the preparation and performance of this Agreement.”
- “This Agreement is intended to be for the benefit of the Parties only and by this instrument the Parties do not release any claims against or by any other person or entity.”
- “This Agreement constitutes the complete agreement between the Parties. All material representations, understandings, and promises of the Parties are contained in this Agreement. Any modifications to this Agreement shall be set forth in writing and signed by all Parties.”
- “The Agreement shall become effective (i.e., final and binding) upon the date of signing of this Agreement and the CAP by the last signatory (Effective Date).”
- “A civil money penalty (“CMP”) must be imposed within six years from the date of the occurrence of the violation. To ensure that this six-year period does not expire during the term of this Agreement, Life Hope Labs agrees that the time between the Effective Date of this Agreement and the date the Agreement may be terminated by reason of Life Hope Labs’s breach, plus one-year thereafter, will not be included in calculating the six (6) year statute of limitations applicable to the violations which are the subject of this Agreement. Life Hope Labs waives and will not plead any statute of limitations, laches, or similar defenses to any administrative action”
- “HHS places no restriction on the publication of the Agreement.”
- “This Agreement may be executed in counterparts, each of which constitutes an original, and all of which shall constitute one and the same agreement.”
- “The individual(s) signing this Agreement on behalf of Life Hope Labs represents and warrants that they are authorized to execute this Agreement and bind Life Hope Labs” “The individual(s) signing this Agreement on behalf of HHS represent and warrant that they are signing this Agreement in their official capacities and that they are authorized to execute this Agreement”
An investigation by the HHS is very time-consuming. The binding contract above is quite extensive regarding what the expectations set for both parties are. HIPAA breaches are extremely common and quite costly. Staying up to date with the current HIPAA regulations is imperative.
Diamond of the Week
New York City 💎
New York City has launched a new initiative to wipe out medical debt for its residence. Whether a person owes money to a hospital or a medical provider the city wants to help. A new partnership has been launched with Medical Debt Resolution/RIP Medical Debt. To learn more about this new initiative click here.
Who’s the WOAT
Melatonin 😡
New research is showing that more and more people are relying on melatonin, a common sleep aid, to help them fall asleep. Over the past decade the average dosage that people are taking has seemed to double. People are now taking a dangerously high dosage. To read more about this study click here.
Who Knew
The misconception: Some people humorously believe that HIPAA stands for “Hush, It’s a Private Affair Act,” suggesting that it mandates complete silence and secrecy about all medical matters.
Do people really believe this?! The idea is that any discussion of health-related information, whether in a casual conversation or formal setting, must be avoided at all costs to comply with HIPAA. It portrays HIPAA as a strict law that prohibits any mention of medical conditions or health issues, even in the most private or confidential settings.
Of course, in reality, HIPAA does not mandate absolute silence or prevent discussions about medical matters altogether. Its main focus is on protecting the privacy and security of individuals’ protected health information (PHI) and establishing standards for how healthcare providers and organizations handle and share that information.
HIPAA does encourage healthcare providers to use discretion and appropriate safeguards when discussing patient information to prevent unauthorized access or disclosures. However, it does not impose a complete ban on discussing health matters or medical conditions in appropriate contexts.
The humorous take on HIPAA as the “Hush, It’s a Private Affair Act” adds a lighthearted twist to the misconceptions surrounding the law, showcasing the creativity of people’s interpretations of its privacy principles. Nonetheless, it’s essential to understand the real purpose and provisions of HIPAA to ensure compliance with its regulations.
A Round of Applause For…
Lilith (Bean) Shindell 👏
Bean works very hard to put together an informational newsletter for you and it is paying off! We have received raving comments about the newsletter from both clients and non-clients! Great Job, Bean!
Sources:
- “Life Hopes Resolution Agreement and Correction Action Plan.” HHS.Gov, 3 Jan. 2023, https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/life-hopes-ra-cap/index.htmlsecurity.com/news/healthcare-data-breach-at-pa-rehab-center-impacts-130k. Accessed 4 Jan. 2023.
- Think You’re Compliant? Find Out!
- Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN, 46307