Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

Lessons Learned from Real Time vs. PointClickCare: Mind your Information Blocking Ps and Qs

by | Aug 16, 2024 | , , , ,

A federal district judge has granted preliminary injunctive relief to Real Time Medical Systems, Inc. (“Real Time”) barring the defendant, PointClickCare (“PCC”), from deploying unsolvable CAPTCHAs that interfered with Real Time’s ability to access the data of its skilled nursing facility customers that utilized PCC. As Judge Xinis wrote in the opinion, “No evidence supports that PCC had any legitimate good faith use for wholly inscrutable CAPTCHAs which, by definition, blocked Real Time from getting the very records it needs to exist….But even more damning is the timing of such deployments, which support that PCC used those CAPTCHAs as a device to hamstring or eliminate Real Time as a competitor.” Keep reading for additional details regarding Real Time’s complaints against PointClickCare.

Update: On August 19, 2024, PointClickCare filed a Motion to Expedite Appeal with the United States Court of Appeals for the Fourth Circuit.

read more
Hefty Monetary Disincentives Proposed for Health Care Providers Engaged in Information Blocking – But Not Every Provider Is on the Hook.

Hefty Monetary Disincentives Proposed for Health Care Providers Engaged in Information Blocking – But Not Every Provider Is on the Hook.

by | Oct 31, 2023 | ,

The Proposed Rule for enforcement is out, and the potential financial “hit” that health care providers may face if the OIG finds them to have violated the Information Blocking Rule (IBR) could be substantial, but don’t get spooked. The reach of the proposed enforcement has limitations. Read more to find out why.

read more
Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

Is Your Organization Paying for the Cost of Health Care? You Might be Responsible for a Health Plan with HIPAA Compliance Obligations.

by | Sep 21, 2023 | , , ,

OCR reaches a new $1.3 million dollar settlement with a health plan for HIPAA violations. OCR says, “HIPAA-regulated entities need to be proactive in ensuring their compliance with the HIPAA Rules, and not wait for OCR to reveal long-standing HIPAA deficiencies.” Employers that offer Employee Benefits must evaluate if they are responsible for a health plan with HIPAA compliance obligations.

read more
Penalties for Violation of the Information Blocking Rule Start Today!

Penalties for Violation of the Information Blocking Rule Start Today!

by | Sep 1, 2023 | ,

OIG’s authority to begin enforcement of the Information Blocking Rule begins September 1, 2023. Certain Actors subject to the Information Blocking Rule may be subject up to a $1 million penalty per violation! Actors need to be proactive in ensuring their compliance with the Information Blocking Rule and not wait for the OIG to discover them.

read more
AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

AHA Writes Letter to HHS and Pushes Back on OCR’s Online Tracking Guidance

by | May 30, 2023 | , , ,

After OCR created a Morton’s Fork for hospitals and health systems by publishing its HIPAA Guidance on the Use of Online Tracking Technologies, the American Hospital Association initially stayed out of the fray. Not any more. In its letter dated May 22, 2023, AHA makes its case to HHS as to why OCR’s Online Tracking Guidance should be suspended or amended.

read more
FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

FTC Finds that Ovulation Tracking App Violated the Health Breach Notification Rule

by | May 18, 2023 | , , ,

The FTC releases its second enforcement action under the Health Breach Notification Rule in just over 3 months. This time, the FTC found that a fertility app called Premom shared sensitive fertility information with third parties for unauthorized purposes. While Premom told its users that it would not share their health information with third parties without users’ consent, it used third-party automated tracking tools known as software development kits (SDKs) which shared highly sensitive health information (e.g., data about an individual user’s sexual & reproductive health, pregnancy status etc.) for advertising and marketing purposes.

read more
FTC Orders BetterHelp Health App to Pay $7.8M for Sending User Data to Facebook & Snapchat

FTC Orders BetterHelp Health App to Pay $7.8M for Sending User Data to Facebook & Snapchat

by | Mar 2, 2023 | , , ,

The FTC issued a proposed order requiring BetterHelp to pay $7.8 million to consumers to settle charges that it shared consumers’ health data with Facebook, Pinterest, Snapchat, and Criteo after promising to keep such data private and claiming it is “certified” as “HIPAA compliant.” The real juice of this case is in the FTC compliant — and HIPAA-covered providers, facilities & organizations can learn a lot about what to watch out for with health data Apps as we continue to march towards the FHIR.

read more
Not So Sunny News in Arizona –  Major Health Care System Agrees to Pay $1.25 Million HIPAA Settlement for Cybersecurity Hacking Incident from 2016

Not So Sunny News in Arizona –  Major Health Care System Agrees to Pay $1.25 Million HIPAA Settlement for Cybersecurity Hacking Incident from 2016

by | Feb 8, 2023 | , , ,

The forecast for Arizona is thunderstorms, at least for at least one health care system. Last week, OCR announced a $1.25 settlement for HIPAA Security Rule violations brought to light by a cybersecurity hacking incident that took place over five years ago.

read more
Is Your Organization Ready for an OCR HIPAA Compliance Review re: Use of Online Tracking Technology?

Is Your Organization Ready for an OCR HIPAA Compliance Review re: Use of Online Tracking Technology?

by | Jan 5, 2023 | , , ,

On December 1, 2022, OCR released a “guidance” Bulletin re: “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.” From it, we learned (among other things) that OCR believes that an individual’s IP addresses and geo location, collected by a regulated entity’s website, is protected by HIPAA. Now, we have come to learn that HIPAA compliance investigations by OCR are already underway concerning this topic. Are you ready?

read more
OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

OCR Delivers a Quintuplet of HIPAA Resolutions – Sets the Tone for Providers Blocking Patients’ Access to PHI

by | Sep 16, 2020 | , ,

Yesterday, all at once, OCR announced that it has entered into five new Resolution Agreements — each of them stemming from one or more violations of HIPAA’s right of  access afforded to individuals. There are several interesting observations about these new cases that are worth taking note of.

read more
CMS Extends Publication Deadline for Stark Law Changes

CMS Extends Publication Deadline for Stark Law Changes

by | Sep 14, 2020 | , , , , , ,

At the last hour, CMS extended the deadline for publishing much anticipated changes to the Stark Law. Originally expected for publication this past August, CMS extended the deadline to August 2021, noting that “… we are still working through the complexity of the issues raised by comments received on the proposed rule and therefore we are not able to meet the announced publication target date.” Together with the OIG’s counterpart rule, the proposed rules contain the potential for significant modernization of the Stark Law and Anti-kickback Statute as part of the “Regulatory Spring to Coordinated Care” as well as increased alignment and coordination between the two sets of laws.

read more

Archives