Monthly Archives: October 2015

October 26, 2015

Complying With HIPAA: A Checklist for Business Associates

by Kim C. Stanger, Holland & Hart LLP

The HIPAA Privacy, Security, and Breach Notification Rules now apply to both covered entities (e.g., healthcare providers and health plans) and their business associates. A “business associate” is generally a person or entity who “creates, receives, maintains, or transmits” protected health information (PHI) in the course of performing services on behalf of the covered entity (e.g., consultants; management, billing, coding, transcription or marketing companies; information technology contractors; data storage or document destruction companies; data transmission companies or vendors who routinely access PHI; third party administrators; personal health record vendors; lawyers; accountants; and malpractice insurers).1 With very limited exceptions, a subcontractor or other entity that creates, receives, maintains, or transmits PHI on behalf of a business associate is also a business associate.2 To determine if you are a business associate, see the attached Business Associate Decision Tree.

Business associates must comply with HIPAA for the following reasons: Continue reading

October 26, 2015

Complying With HIPAA: A Checklist for Covered Entities

by Kim C. Stanger, Holland & Hart LLP

The HIPAA Privacy, Security, and Breach Notification Rules1 apply to healthcare providers who engage in certain electronic transactions, healthcare clearinghouses, and health plans, including employee group health plans with 50 or more participants or that are administered by a third party.2 Covered entities must comply with HIPAA for the following reasons:

1. Civil Penalties Are Mandatory for Willful Neglect. The Office for Civil Rights (“OCR”) is required to impose HIPAA penalties if the covered entity acted with willful neglect, i.e., with “conscious, intentional failure or reckless indifference to the obligation to comply” with HIPAA requirements.3 The following chart summarizes the tiered penalty structure4: Continue reading

October 20, 2015

Nevada Supreme Court Upholds $350,000 Medical Malpractice Cap

by Brian Anderson, Holland & Hart LLP

In a unanimous decision on Friday, October 1, 2015, the Nevada Supreme Court (the Court) upheld as constitutional the state’s $350,000 statutory limitations on plaintiffs’ recovery of noneconomic damages in a medical malpractice or professional negligence suit.

In Tam v. Eighth Jud. Dist. Ct., 131 Nev. Adv. Op. 80 (Nev. Oct. 1, 2015), after the death of Charles Thomas Cornell, Sherry Cornell (individually, and as administrator of Mr. Cornell’s estate) filed a complaint against numerous defendants, including petitioner Stephen Tam, M.D., alleging medical malpractice. Dr. Tam filed a motion requesting in part that the Eighth Judicial District Court (district court) confirm that the Plaintiff’s noneconomic damages be capped pursuant to NRS 41A.035, which limits to $350,000 the recovery of a plaintiff’s noneconomic damages in a healthcare provider’s professional negligence action. The district court denied the motion, concluding that: (1) NRS 41A.035 is unconstitutional, as it violates a plaintiff’s constitutional right to trial by jury;(2) the statutory cap does not apply to the case as a whole, but a separate cap applies to each plaintiff for each of the defendants; and (3) the statutory cap does not apply to medical malpractice claims. Dr. Tam challenged the district court’s order, filing a petition for a writ of mandamus to compel the district court to vacate its order. The Court granted the petition in its entirety, holding that the district court erred in: (1) finding the statute unconstitutional; (2) finding the statutory cap applies per plaintiff and per defendant; and (3) finding the statute only applies to professional negligence and not to medical malpractice. Continue reading