Month: March 2016

HIPAA Audit Season

You knew this was coming, right? The US Department of Health and Human Services’ Office of Civil Rights is in the audit mood again. The American Recovery and Reinvestment Act of 2009 beefed up the privacy and security requirements of HIPAA; in particular, it put a lot more responsibility on business associates to keep patient information secure. ARRA also required HHS to conduct audits to assess covered entities’ and business associates’ compliance with the HIPAA Privacy, Security and Breach Notification rules. In 2011 and 2012, OCR audited 115 covered entities as a pilot of its audit program. Despite ARRA’s new rules for business associates, they mostly dodged that round of audits. Now OCR is launching Phase 2 of its audit program, and this time, it will audit both covered entities and business associates. Considering that business associates handle a lot more patient data now than they did in 2011, it’s not surprising that they would be part of the audit pool this time around. OCR considers the audits an important part of its HIPAA compliance program. The audits allow OCR to uncover problems that might not have been discovered through routine complaint investigations and compliance reviews and to develop best practices for HIPAA compliance that it can share with covered entities and business associates. In short, the audits could help prevent future breaches. OCR has started sending out letters...


We’ve Moved!

I’m pleased to announce that Jolley Law Group has moved into a new office on the north end of Hilton Head Island. The new, larger office gives JLG plenty of room to grow in the coming years. It’s also closer to many of the Island’s health care providers. We look forward to continuing to provide you excellent legal services from our new home. Stop by and see us at 90 Main Street, Suite...


Article of the Week: Overtime for Lawyers?

The legal profession doesn’t usually find itself on the receiving end of overtime claims. That’s because lawyers, as “professional” employees, are exempt from Federal wage and hour laws that require overtime pay for more than 40 hours of work per week. But in the new economy, that could be changing. Record numbers of attorneys – primarily new law graduates – now find themselves with only one employment option: temporary, hourly work reviewing litigation documents. As the hourly rates for this work have plummeted, the newly-organized United Contract Attorneys are now arguing that they should be entitled to overtime pay. Unfortunately, making the case for overtime means conceding that they aren’t “professionals” and that their document review work isn’t really practicing law at all – an admission that many contract attorneys aren’t willing to make. This Washington Post article provides an interesting exposition of both sides of the issue: “The lawyers who are fighting for the same rights as...


News Brief: Raising the Stakes with Ransomware

I learned a new IT term this week: ransomware. Ransomware is malicious software that blocks access to a computer system until a ransom is paid. Although it was news to me, ransomware is not new; the earliest known use was back in 1989, when the ransom had to be paid via PO Box. The attacks are now much more sophisticated and significantly on the rise. The latest salvo – and the one that brought ransomware to my attention – was the recent attack on Hollywood Presbyterian Medical Center. The hospital discovered at the beginning of February that hackers had infiltrated its computer system and encrypted all of its data, “blacking out” the hospital’s electronic medical record system. The hackers demanded 40 bitcoins (an untraceable virtual “currency”), worth about $17,000, to unlock the data. After ten days of using pen and paper and fax machines to maintain patient records, the hospital paid up. In a statement, they explained that “the quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.” Hollywood Presbyterian claims that patient care was not impacted and that no patient data was compromised. Despite these assurances, the possibility of hackers taking patient information hostage is alarming; it will also be interesting to see if...
