Latest $100,000 HIPAA Resolution Agreement Nails Physician Group,

April 17, 2012

The $100,000 settlement with an Arizona-based physician group announced today by the Department of Health & Human Services (HHS) Office of Civil Rights (OCR) under the Health Insurance Portability & Accountability Act of 1996 (HIPAA) demonstrates the need for all health care providers, health plans, health care clearinghouses (covered entities) and their business associates to maintain appropriate HIPAA compliance and risk management procedures and documentation.

Arizona-based Phoenix Cardiac Surgery, P.C. (PCS) will pay the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) a $100,000 settlement and take corrective action to implement policies and procedures to safeguard the protected health information of its patients to settle OCR charges PCS violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. Health care providers and other HIPAA-covered entities should heed the PSC and other recent settlements as the latest signal of the risks that health care providers and other covered entities run by failing to adequately implement and administer appropriate HIPAA compliance practices.

The PCS settlement follows an extensive OCR investigation of a report that PCS posted clinical and surgical appointments for its patients on a publically accessible Internet-based calendar. Among other things, the Resolution Agreement documenting the PCS settlement states that OCR’s investigation found that the persistent failure by PCS to adopt HIPAA required policies and safeguards, maintain required business associate agreements, and conduct necessary workforce training resulted in the prohibited posting of more than 1,000 separate entries of ePHI on a publicly accessible, Internet-based calendar and business associates improperly receiving and maintaining PHI and ePHI without the protection of required business associate agreements.

Under the PCS HHS Resolution Agreement available here, PCS will pay a $100,000 settlement amount and a corrective action plan that includes a review of recently developed policies and other actions taken to come into full compliance with the Privacy and Security Rules. Like the $1,500,000 Blue Cross Blue Shield of Tennessee (BCBST) Resolution Agreement announced last month, the PCS shows OCR’s readiness to sanction health care providers and other covered entities of all sizes for violations of HIPAA.

Enforcement Actions Highlight Growing HIPAA Exposures For Covered Entities

Like the BCBST Resolution Agreement and other previously announced OCR Resolution Agreements, the PCS provides more evidence of the growing exposures that health care providers, health plans, health care clearinghouses and their business associates need to carefully and appropriately manage their HIPAA responsibilities. See $1.5 Million HIPAA Settlement Reached To Resolve 1st OCR Enforcement Action Prompted By HITECH Act Breach Report; HIPAA Heats Up: HITECH Act Changes Take Effect & OCR Begins Posting Names, Other Details Of Unsecured PHI Breach Reports On Website. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In the face of rising enforcement and fines, OCR’s initiation of HIPAA audits and other recent developments, covered entities and their business associates should tighten privacy policies, breach and other monitoring, training and other practices to reduce potential HIPAA exposures in light of recently tightened requirements and new enforcement risks.

In response to these expanding exposures, all covered entities and their business associates should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration OCR’s investigation and enforcement actions, emerging litigation and other enforcement data; their own and reports of other security and privacy breaches and near misses, and other developments to determine if additional steps are necessary or advisable.

For more information about the PCS Resolution Agreement and HIPAA compliance and risk management tips, see here.

For Representation, Training & Other Resources

If you need assistance monitoring HIPAA and other health and health plan related regulatory policy or enforcement developments, or to review or respond to these or other health care or health IT related risk management, compliance, enforcement or management concerns, the author of this update, attorney Cynthia Marcotte Stamer may be able to help.

Vice President of the North Texas Health Care Compliance Professionals Association, Past Chair of the ABA Health Law Section Managed Care & Insurance Section and the former Board Compliance Chair of the National Kidney Foundation of North Texas, Ms. Stamer has more than 24 years experience advising health industry clients about these and other matters. Ms. Stamer has extensive experience advising and assisting health care providers, health plans, their business associates and other health industry clients to establish and administer medical privacy and other compliance and risk management policies, to health care industry investigation, enforcement and other compliance, public policy, regulatory, staffing, and other operations and risk management concerns. She regularly designs and presents HIPAA and other risk management, compliance and other training for health plans, employers, health care providers, professional associations and others.

Scheduled to serve as the scribe for the ABA Joint Committee on Employee Benefits agency meeting with OCR, Ms. Stamer also regularly works with OCR and other agencies, publishes and speaks extensively on medical and other privacy and data security, health and managed care industry regulatory, staffing and human resources, compensation and benefits, technology, public policy, reimbursement and other operations and risk management concerns. Her publications and insights appear in the Health Care Compliance Association, Atlantic Information Service, Bureau of National Affairs, World At Work, The Wall Street Journal, Business Insurance, the Dallas Morning News, Modern Health Care, Managed Healthcare, Health Leaders, and a many other national and local publications. For instance, Ms. Stamer for the second year will serve as the appointed scribe for the ABA Joint Committee on Employee Benefits Agency meeting with OCR. Her insights on HIPAA risk management and compliance frequently appear in medical privacy related publications of a broad range of health care, health plan and other industry publications Among others, she has conducted privacy training for the Association of State & Territorial Health Plans (ASTHO), the Los Angeles Health Department, the American Bar Association, the Health Care Compliance Association, a multitude of health industry, health plan, insurance and financial services, education, employer employee benefit and other clients, trade and professional associations and others.

You can get more information about her HIPAA and other experience here.

If you need assistance with these or other compliance concerns, wish to inquire about arranging for compliance audit or training, or need legal representation on other matters please contact Ms. Stamer at (469) 767-8872 or via e-mail here.

You can review other recent publications and resources and additional information about the other experience of Ms. Stamer here. Examples of some recent publications that may be of interest include:

DC Court Enjoins Implementation of NLRB Poster Rule

Orthofix Medical Device Exec Awaits Sentencing After Pleading Guilty To Violating Anti-Kickback Law

Health Care Providers Also Should Guard Against Rising Exposures To State Health Care Fraud & Other Enforcement Risks

Director of Texas Office of e-Health Coodination To Discuss Texas HIE Strategy in 3/14 HHS Sponsored Teleconference

Halfway House Owner Gets 24 Months Imprisonment For Health Care Fraud & Kickback Conviction

Health Plans Should Act Quickly To Prepare Affordable Care Act Required Summary of Benefits & Communications & Update Other Health Plan Communications

NLRB Report Shows Rise In Unfair Labor Practice Complaints & Formal Proceedings

Sullivan University System to Pay $483,000 in Back Wages Overtime Violations Stemming From Worker Misclassifications

New DOL Final Rules Tighten Requirements For Employers To Hire Alien Workers Using H-2B Visas

OSHA $1Million Award Against AirTran Airways Highlights Retaliation Risks

HHS Chides Trustmark Life Insurance Company For “Excessive” Health Premium Increases After Affordable Care Act Rate Audit

Labor Department Final Rule Defines Recreation Vehicle For Longshore & Harbor Workers’ Compensation Act

Portion of Health Care Costs Paid By Government Programs Rose As Employer Provided & Other Private Health Care Coverage Declined In 2010

Help Careflite Celebrate New Facility 1/11

Careflite Dedicates New Facility January 11, 2012

Manufacturer’s Excessive I-9 Documentation Triggers Discrimination Liability

If you need help investigating or responding to a known or suspected compliance, litigation or enforcement or other risk management concern, assistance with reviewing, updating, administering or defending a current or proposed employment, employee benefit, compensation or other management practice, wish to inquire about federal or state regulatory compliance audits, risk management or training, or need legal representation on other matters please contact Ms Stamer here or at (469) 767-8872.

If you or someone else you know would like to receive future updates about developments on these and other concerns, please be sure that we have your current contact information – including your preferred e-mail – by creating or updating your profile here. For important information concerning this communication click here. If you do not wish to receive these updates in the future, send an e-mail with the word “Remove” in the Subject to here.

©2012 Cynthia Marcotte Stamer, P.C.  Non-exclusive right to republish granted to Solutions Law Press, Inc.   All rights reserved.

DC Court Enjoins Implementation of NLRB Poster Rule

April 17, 2012

The District Court for the District of Columbia  today (April 17, 2012) granted employers a temporary reprieve from the obligation to comply with a National Labor Relations Board (NLRB) poster mandate scheduled to take effect April 30, 2012.

The NLRB rule that was scheduled to take effect on April 30 would dictate that most private sector employers post a 11-by-17-inch notice informing workers of certain union organizing and other labor-management relations rights under the National Labor Relations Act using language dictated by the NLRB.   The notice is available at no cost from the NLRB through its website, which has more information on posting requirements and NLRB jurisdiction.

Facing litigation challenging the rule, the NLRB announced on December 23, 2011 that it would delay the deadline to comply with the rule until April 30, 2012.   Today’s court ruling enjoins the NLRB from enforcing the new requirement pending additional litigation.

In addition to the D.C. Circuit Court’s decision, a South Carolina Court also recently issued rulings questioning the NLRB’s enforcement mechanisms under the impending rule.

In response to today’s D.C. Circuit Court decision, NLRB Chairman Mark Gaston Pearce said of the recent decisions, “We continue to believe that requiring employers to post this notice is well within the Board’s authority, and that it provides a genuine service to employees who may not otherwise know their rights under our law.”  Nevertheless, the NLRB announced today thaat it plans to delay further implementation of the poster rule by its regional offices pending the outcome of the impending litigation.

While the poster requirement is delayed, the NLRB continues to pursue an active regulatory and enforcement agenda.  See, e.g., Employers Face New Labor-Management Exposures Under Activist National Labor Relations Board.  Employers should continue to strengthen their labor-management policies and practices to mitigate the growing labor exposures that result from this activist agenda. 
For Help or More Information
If you need help with labor and employment or other human resource, performance management, internal controls or compliance and risk management matters, please contact the author of this article, Cynthia Marcotte Stamer.  Board Certified in Labor & employment Law by the Texas Board of Legal Specialization,management attorney, author and consultant  Ms. Stamer is nationally and internationally recognized for more than 24 years of work helping private and governmental organizations and their management; employee benefit plans and their sponsors, administrators, fiduciaries; employee leasing, recruiting, staffing and other professional employment organizations; schools and other governmental agencies and others design, administer and defend innovative compliance, risk management, workforce, compensation, employee benefit, privacy, procurement and other management policies and practices. Her experience includes extensive work helping employers carry out, audit, manage and defend worker classification,union-management relations, wage and hour, discrimination and other labor and employment laws, procurement, conflict of interest, discrimination management, privacy and data security, internal investigation and discipline and other workforce and internal controls policies, procedures and actions. 
Widely published on worker classification and other workforce risk management and compliance concerns, the immediate past-Chair of the American Bar Association (ABA) RPTE Employee Benefits & Other Compensation Committee and current Co-Chair of its Welfare Plan Committee, Vice Chair of the ABA TIPS Section Employee Benefits Committee,  a Council Representative of the ABA Joint Committee on Employee Benefits, Government Affairs Committee Legislative Chair for the Dallas Human Resources Management Association, and past Chair of the ABA Health Law Section Managed Care & Insurance Interest Group, Ms. Stamer works, publishes and speaks extensively on management, worker classification, re-engineering, investigations, human resources and workforce, employee benefits, compensation, internal controls and risk management, federal sentencing guideline and other enforcement resolution actions, and related matters.  She also is recognized for her publications, industry leadership, workshops and presentations on these and other human resources concerns and regularly speaks and conducts training on these matters. Her insights on these and other matters appear in the Bureau of National Affairs, Spencer Publications, the Wall Street Journal, the Dallas Business Journal, the Houston Business Journal, and many other national and local publications. For additional information about Ms. Stamer and her experience or to access other publications by Ms. Stamer see here or contact Ms. Stamer directly.

Other Resources

If you found this update of interest, you also may be interested in reviewing some of the other updates and publications authored by Ms. Stamer available including:

About Solutions Law Press

Solutions Law Press™ provides business risk management, legal compliance, management effectiveness and other resources, training and education on human resources, employee benefits, compensation, data security and privacy, health care, insurance, and other key compliance, risk management, internal controls and other key operational concerns. If you find this of interest, you also be interested reviewing some of our other Solutions Law Press resources available at


©2011 Cynthia Marcotte Stamer, P.C.  Non-exclusive license to republish granted to Solutions Law Press. All other rights reserved.