Tag Archives: HIPAA

Telemedicine pitfalls to avoid at the state and federal levels

Mobile Health Technologies and Devices  and Implications for Doctors.

Mobile Health Technologies and Devices and Implications for Doctors.

Mobile healthcare technology allows doctors and patients to connect in a virtual patient waiting room. Telemedicine, as many call it, has benefits as well as burdens on everyone involved. There are several state and federal regulatory operations, laws and policies overseeing the use of mobile health technologies. Not only users, but also providers of mobile healthcare technologies should be aware of laws and regulations to make sure they deliver healthcare services consistent with laws and policies.

When healthcare services regulations are not satisfied, the agencies charged with enforcement can get involved. Here in Illinois, the Illinois Department of Financial and Professional Regulations (“IDFPR”) and the Illinois Medical Disciplinary Board can be involved in the investigation of complaints, which can lead to the suspension or revocation of a healthcare provider’s license to practice. Other agencies can get involved in a process leading to financial penalties and media coverage of negative occurrences.

Telemedicine practice can be within the oversight of the FDA, HIPAA, FTC, and the IDFPR.

FDA regulations protect patients from harm from mobile medical devices and applications. On February 9, 2015 the FDA published, Guidance for Industry and Food and Drug Administration Staff, defining types of medical devices, mobile apps, mobile medical apps and examples of how the FDA enforces its regulations. The FDA aims to guide and make nonbinding recommendations, not imposing legally enforceable responsibilities, in the above-linked document.

HIPAA rules, enforced through the Department of Health and Human Services (and state level laws), such as the Breach Notification Rule, Security Rule and the Privacy Rule affect mobile health industries. Applying these rules to telemedicine scenarios requires encryption methods, for example, to prevent rule violations, related fines, and negative public attention. Privacy and security concerns are addressed in the Department of Health and Human Services in, Your Mobile Device and Health Information Privacy and Security. A lost mobile device is the first item on the list of risks.

FTC protections keep consumers aware of fraudulent, deceptive and unfair business practices. In telemedicine the FTC rules most often apply to consumer information disclosures contrary to stated policies and regulations. The fines for violating FTC rules may be significant and a breach of duties could upset other users of mobile healthcare apps if their information is inappropriately transmitted to third parties. The FTC document, Complying with the FTC’s Health Breach Notification Rule, explains how the rule requires a notification be sent to groups of users in the event of a security breach.

IDFPR and similar professional licensing agencies are concerned with healthcare professionals practicing medicine and treating patients outside territorial jurisdictions. A doctor in Illinois practicing medicine in giving service to a patient in Indiana involves licensing regulations in both states. A National Practitioner Data Bank, used among the states, identifies licensee discipline and reports of medical malpractice decisions and settlements in one state that could flag other states to make independent license inquiries.

Michael V. Favia & Associates are available to assist with analysis and advice on difficult mobile healthcare practice matters. With offices conveniently located in the Chicago Loop, Northwest side and suburban meeting locations, you can schedule a discrete meeting with an attorney at your convenience and discretion. For more about Michael V. Favia & Associates’ professional licensing work, please visit www.IL-Licensing.com and feel free to “Like” the firm on Facebook and “Follow” the firm on Twitter.


HIPAA violation triggers $1.44 million jury verdict against Walgreen’s and pharmacist

Most people understand that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) concerns the privacy of our personal healthcare information. Indeed the Act establishes strict rules for the professionals who have access to and keep our private records that contain information from our height and weight to medications we take and illnesses we fight. Many people are very sensitive about others knowing their private medical business, and for good reason. In our society, being sick is often seen as a weakness. What we seldom hear about are violations of HIPAA and what can happen when our private healthcare information is compromised. In this short article, we examine HIPAA and how courts in Indiana addressed a HIPAA violation and the jury awarded $1.44 million to a customer of Walgreen’s for a confidentiality breach.[i]

"Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence and professional liability as it relates to confidentiality." JD Supra Law News

“Although HIPAA does not create a private cause of action, a recent Indiana Superior Court jury verdict demonstrates that HIPAA still could play an important role in private causes of action in state court based on negligence and professional liability as it relates to confidentiality.” JD Supra Law News

About the two parts of HIPAA and what they mean to you.

Two main sections of HIPAA affect our private healthcare information. Title I protects our employees and their families’ health insurance during a period of job change or job loss. Title II is the section, known as the Administrative Simplification provisions, that controls national standards for electronic healthcare transactions. This second part concerns national identifiers and applies to healthcare providers, employees and their insurance plans. Security and the privacy of our personal healthcare data is controlled by this second part of the Act.[ii]

The customer’s pharmacist shared confidential information about a pregnancy and the same information used to intimidate the customer who demanded child support from the pharmacist’s husband!

A twisted love triangle and child support payments were central to the case where, unbelievably, a licensed pharmacist’s husband fathered a child with the Walgreen’s customer. When the pharmacist allegedly discovered and disclosed her customer’s prescription information when confronting her husband about the pregnancy. The pharmacist’s husband then allegedly used the private information to both intimidate the customer when she demanded child support payments from the pharmacist’s husband. The abused customer sued Walgreen’s and its pharmacist in the Indiana Superior Court.

The HIPAA law does not specifically address private lawsuits against healthcare providers or other covered persons for violations of the Act. Nevertheless, the Court allowed arguments regarding negligence and professional liability for violating HIPAA. The Plaintiff customer’s complaint alleged both Walgreen’s and its pharmacist “breached their statutory and common law duties of confidentiality and privacy. The complaint also included claims of negligence, invasion of privacy and publication of private facts against the pharmacist and claims of negligent training, supervision and retention against Walgreen’s for continuing to employ the pharmacist after discovering the incident.”

While this is not the first time the structure and intent of the HIPAA law was used to support an individual’s lawsuit for violations of the Act, however, this is the first very large verdict. A $1.44 million dollar loss sends a message that the impact of HIPAA violations is much more severe than an insignificant punishment. Privacy concerns are certainly on our minds, as the media shares more stories about what can happen with laws are not followed.

The Law Offices of Michael V. Favia represent wronged plaintiffs in a variety of cases, including complaints against healthcare professionals who run afoul of HIPAA, either negligently and/or intentionally.

The Law Offices of Michael V. Favia are known for advising and representing clients in connection with healthcare matters. To contact the firm to speak to a lawyer about a healthcare-related concern you may dial (773) 631-4580. For more information about the firm’s practice areas, you can visit the website, Facebook and Twitter sites.