If your company is classified as a “covered entity” (most healthcare providers are covered entities) or a “business associate” of a covered entity, you are surely aware of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA requires protection and confidential handling of individuals’ protected health information (or “PHI”). Healthcare organizations and businesses that provide services to healthcare organizations that create, use, or disclose PHI are required to safeguard it and to follow the various HIPAA rules – such as the privacy rule, the security rule, and the breach notification rule.

A HIPAA violation could leave an individual’s sensitive, personal health information (PHI) exposed to others without causing the individual harm.  It could also result in an investigation by the government.  As part of its investigation, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights could impose hefty fines and other civil penalties.  Following a serious and intentional HIPAA violation, the Department of Justice may pursue criminal charges against the violator.

Given the serious consequences of a HIPAA violation, companies that handle health information, and companies that provide services to those companies, should make sure that their handling of PHI complies with the various HIPAA rules.

  • Install security — Computer files should be protected through passwords, encryption and other cybersecurity methods. Physical files containing PHI should be kept under lock and key, accessible only by designated, HIPAA-trained personnel.
  • Keep computer credentials individualized and confidential — A HIPAA violation may result from an unauthorized employee using another employee’s credentials to access PHI. Employees should have their own computer login information and accounts that provide access to the type of information pertinent to their job.
  • Communicate responsibly — An employee may violate HIPAA by discussing a person’s medical details in public or via text, email or phone. Communications should be sent through secure, approved channels.
  • Close or dispose of documents the right way — Tossing or leaving out a piece of paper that includes a person’s PHI, or leaving a file up on a computer screen for everyone to see, can be considered a HIPAA violation. Establish a method for disposing of confidential documents to make them unreadable, indecipherable and unable to be reconstructed, in accordance with HIPAA rules.

A HIPAA violation can be harmful to the violated individual as well as to the person or organization responsible for the violation. Our healthcare law attorneys work with covered entities to handle and help prevent violations of HIPAA. 

About Finney Law Firm, LLC

Founded in 2014, FLF has grown to 15 attorneys located in offices in Eastgate and downtown Cincinnati with five major practice areas: Corporate Law, Real Estate Law, Employment Law, Commercial Litigation and Public Interest and Constitutional Litigation.  FLF has the unique claim to three 9-0 victories at the United States Supreme Court for its public interest practice along with breakthrough class action work.

FLF also has an affiliated title insurance company, Ivy Pointe Title, LLC, that closes and insures nearly a thousand commercial and residential real estate transactions annually.

For more information about Finney Law Firm, visit finneylawfirm.com.

Media Contact: Mickey McClanahan; mickey@finneylawfirm.isoc.net; 513.797.2850.

 

The Health Insurance Portability and Accountability Act (HIPAA) imposes strict requirements on
employers, particularly those classified as covered entities or business associates, to protect the privacy
and security of employees’ protected health information (PHI). HIPAA mandates that these entities
implement safeguards to ensure the confidentiality, integrity, and availability of PHI, including physical,
administrative and technical measures.


Common HIPAA violations in the workplace include the following:


  1. Unauthorized access and disclosure — Allowing unauthorized individuals to view or receive PHI,
    such as sharing health information without patient consent or displaying it publicly.
  2. Lack of safeguards — Failing to secure electronic PHI (ePHI) through encryption, proper access
    controls, or secure transmission methods.
  3. Insufficient training — Not providing adequate training for employees on HIPAA compliance,
    leading to mishandling of PHI.
  4. Inadequate data disposal — Improper disposal of records containing PHI, such as not shredding
    documents or securely erasing electronic files.
  5. Social media misuse — Sharing PHI on social media platforms without consent.


Penalties for HIPAA violations depend on the level of negligence and can range from financial fines to
criminal charges. The Department of Health and Human Services’ Office for Civil Rights (OCR) categorizes
violations into four tiers, with penalties escalating based on the level of culpability:


  1. Tier 1 — Violations where the entity was unaware and could not have reasonably avoided the
    violation, with fines ranging from $137 to $68,928 per violation.
  2. Tier 2 — Violations due to reasonable cause, but not willful neglect, with fines from $1,379 to
    $68,928 per violation.
  3. Tier 3 — Willful neglect violations corrected within 30 days, with fines starting at $13,785.
  4. Tier 4 — Willful neglect violations not corrected within 30 days, with penalties up to $2,067,813
    annually.


An employment law attorney experienced with HIPAA compliance can advise companies on how to
avoid significant penalties by taking positive actions, such as the following:


  1. Implement comprehensive training programs — Regular training for all employees on HIPAA
    regulations and the proper handling of PHI.
  2. Establish robust security measures — Use encryption, access controls and secure
    communication channels to protect ePHI.
  3. Develop clear policies and procedures — Establish clear protocols for accessing, using and
    disclosing PHI, and ensure all employees understand these policies.
  4. Regular audits and risk assessments — Conduct regular audits and assessments to identify and
    address potential vulnerabilities in PHI protection.


In the event of a breach, companies must act swiftly by notifying affected individuals and the OCR,
conducting a thorough investigation and implementing corrective actions to prevent future incidents.



A recent action by the Federal Trade Commission (FTC) purports to make illegal any contract whereby an
employee agrees not to enter into competition with the employer during or after the employment
period. Noncompete agreements typically restrict the employee from joining a competing firm, starting
a competing business or sharing proprietary information within a certain geographic area and for a
specified time period.


The FTC rule announced in April 2024 bans most noncompete agreements in employment contracts
across the United States. This rule aims to eliminate barriers to worker mobility, enhance competition,
and promote innovation by preventing employers from limiting employees’ future employment
opportunities. The regulation not only applies to future noncompete agreements but also requires the
rescission of most existing ones, compelling employers to notify workers that their noncompetes are no
longer in effect.


Before this rule, noncompete agreements were subject to state laws, which varied significantly. In
Kentucky, for instance, noncompetes were enforceable if they were reasonable in scope, duration and
geographic area. Courts would typically uphold these agreements if they were necessary to protect
legitimate business interests, such as trade secrets or goodwill. Ohio had similar requirements,
emphasizing that noncompetes must be no broader than necessary to protect the employer’s legitimate
interests, must not impose undue hardship on the employee and must not be injurious to the public.


With the FTC’s new rule, the enforceability of noncompete agreements will undergo a fundamental
shift. While the rule broadly prohibits noncompetes, it does allow for some exceptions, particularly in
the sale of a business where the restriction may be necessary to protect the value of the sold business.
However, these exceptions are narrowly defined, and the general presumption under the new rule is
against the enforceability of noncompetes. Employers in Kentucky, Ohio and other states will need to
reassess their employment agreements to ensure compliance with federal law.


In the new regulatory landscape, businesses are encouraged to explore alternative means of protecting
their interests, such as nondisclosure agreements (NDAs) and non-solicitation agreements, which are
not covered by the FTC’s ban and can still be used to prevent the misuse of confidential information and
the poaching of clients or employees. A business contracts attorney experienced with restrictive
covenants can advise you about provisions suitable for your company’s needs.

