Lynn Sessions

Subscribe to all posts by Lynn Sessions

Artificial Intelligence and Machine Learning in the Development of Drug and Biological Products

Photo of Winston S. KirtonPhoto of Lee H. RosebushPhoto of Lynn SessionsPhoto of Laura MacherelliPhoto of Marc WagnerBy Winston S. Kirton, Lee H. Rosebush, Lynn Sessions, Laura Macherelli and Marc Wagner on Posted in FDA
On May 10, the U.S. Food and Drug Administration (FDA) published a discussion paper, “Using Artificial Intelligence & Machine Learning in the Development of Drug & Biological Products.” The paper is a collaboration between FDA’s Center for Drug Evaluation and Research (CDER), the Center for Biologics Evaluation and Research (CBER), and the Center for Devices … Continue Reading

​​​​​​​Cybersecurity in Medical Devices

Photo of Lee H. RosebushPhoto of Lynn SessionsPhoto of Laura MacherelliPhoto of Eric MorrisBy Lee H. Rosebush, Lynn Sessions, Laura Macherelli and Eric Morris on Posted in Alert
The U.S. Food and Drug Administration (FDA) has issued new guidance to the medical device industry on the importance of cybersecurity measures in product development. The nonbinding guidance, titled “Cybersecurity in Medical Devices: Refuse to Accept Policy for Cyber Devices Under Section 524B of the FD&C Act,” stresses the critical need for manufacturers to address … Continue Reading

GAO Report Criticizes HHS’ HIPAA Cybersecurity Guidance and Program

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
Recently, the Government Accountability Office (GAO) reviewed the U.S. Department of Health and Human Services’ (HHS) security and privacy oversight and identified significant gaps in the cybersecurity guidance provided by HHS to entities regulated by HIPAA. The report’s primary criticism emphasized that though HHS prepared a crosswalk with the National Institute of Standards and Technology … Continue Reading

$2.75 Million OCR Settlement Underscores the Importance of Risk Management and Analysis

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
How the theft of a single password-protected laptop turned into an enterprise-wide review of an organization’s data protection practices. Following the announcement of a recent settlement between the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) and Catholic Health Care Services, OCR has announced another significant settlement agreement and corrective action … Continue Reading

Business Associates in the Crosshairs: Catholic Health Care Services Settles for $650,000 for Failure to Safeguard PHI

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) recently agreed to enter into a $650,000 resolution agreement and a two-year corrective action plan (CAP) with the Office for Civil Rights (OCR). CHCS provides management and information technology services as a business associate to six nursing homes. The OCR settlement follows a finding that … Continue Reading

Ransomware Targets Healthcare Industry

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
Just four months into 2016, the healthcare industry is already facing a permanent and increasing threat to hospital operations: ransomware. Previously, BakerHostetler reported that Hollywood Presbyterian Hospital paid 40 bitcoins to access its own electronic health records after its information systems were locked with ransomware. Since then, at least five other healthcare entities have been infected with … Continue Reading

One Week, $5.45 Million in Resolution Agreements for HIPAA Violations

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) continued its run of resolution agreements for HIPAA violations, pulling in $5.45 million from just two entities, North Memorial Health Care of Minnesota (NMHCM) and theFeinstein Institute for Medical Research (Feinstein), in a single week. The resolution agreements emphasize that business associate agreements and … Continue Reading

Don’t Get Phished! Hackers Pose as CEOs to Steal Tax Information from HR and Payroll Professionals at Healthcare Organizations

Photo of Melinda L. McLellanPhoto of Lynn SessionsBy Melinda L. McLellan and Lynn Sessions on Posted in Uncategorized
Every tax season is plagued with scams to defraud individuals and companies for money from tax returns. However, this year has started off with a bang and this means that the healthcare industry has another reason to worry. On March 1, 2016, the IRS issued an alert warning “payroll and human resources professionals to beware of an … Continue Reading

ALJ Upholds OCR’s $239,800 CMP for Healthcare Provider

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
On January 13, 2016, the Department of Health and Human Services’ Administrative Law Judge upheld the Office for Civil Rights’ (OCR’s) civil monetary penalty (CMP) against Lincare, Inc., d/b/a United Medical (Lincare), for $239,800 in an appeal of OCR’s Health Insurance Portability and Accountability Act (HIPAA) CMPs. Lincare is a home health company that provides respiratory … Continue Reading

HHS Removes Barriers to Reporting Federal Mental Health Prohibitor Status for Gun Background Checks

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
On January 6, 2016, the U.S. Department of Health and Human Services (HHS) released amodification to the Health Insurance Portability and Accountability Act (HIPAA) removing barriers to reporting federal mental health prohibitor status for gun background check purposes. The new section, 45 C.F.R. § 164.512(k)(7), allows a covered entity to use or disclose protected health information … Continue Reading

OIG Emphasizes Proactive Enforcement of Privacy Rule and Monitoring of Repeat Offenders

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
The Office of Inspector General’s (OIG) recently released Privacy Standards report assessed the Office for Civil Rights’ (OCR) oversight of covered entities’ compliance with the Privacy Rule as well as the extent to which Medicare Part B providers are aware of HIPAA privacy standards. To that end, the OIG found that Part B providers fell … Continue Reading

Meaningful Use Stage 3 Final Rule Reduces Provider Burdens

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
CMS and the Office of the National Coordinator for Health Information (ONC) recently released the 752-page final rule for Meaningful Use Stages 2 (MU2) and 3 (MU3). The final rule provides a flexible timeline for providers and reduces the number of objectives and accompanying clinical quality measures required for reporting. The rule further provides that: … Continue Reading

HIPAA Fine Underscores OCR’s Focus on Physician Group Compliance

Photo of Lynn SessionsBy Lynn Sessions and Suchismita Pahi on Posted in Uncategorized
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced a $750,000 fine and resolution agreement, including a Corrective Action Plan (CAP), for Cancer Care Group, P.C. (CCG), a private organization made up of 18 physicians. The CCG investigation and resolution demonstrates that OCR does not exempt even modest-size physician … Continue Reading

FAQs by Employers Regarding the Anthem Breach

Photo of Theodore J. Kobus IIIPhoto of Lynn SessionsBy Theodore J. Kobus III and Lynn Sessions on Posted in Uncategorized
Do we have any legal obligations under HIPAA? It depends on your contractual relationship with Anthem and whether the group health plan offered by your company is self-insured. If your company’s group health plan is self-insured and your company contracts with Anthem to administer the plan, process claims, etc., then your company’s group health plan … Continue Reading

OCR Updates Breach Report Web Portal — Changes Could Impact Annual Breach Reports

Photo of Lynn SessionsBy Lynn Sessions and Cory J. Fox on Posted in Uncategorized
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently launched an updated version of the portal covered entities must use to notify OCR regarding a breach of unsecured protected health information (PHI) under 45 C.F.R. § 164.408, and the changes could impact covered entities planning to submit their 2014 … Continue Reading

Managing Your Health Information Risks Should Not Begin After a Breach Is Reported

Photo of Lynn SessionsBy Lynn Sessions on Posted in Uncategorized
Editor’s Note: We recently launched a graphic illustrating our Cyber Risk Mitigation Services. Our attorneys have written about specific examples of those services. Healthcare is plagued by a high frequency of reported breaches. Although they are often caused by employees making mistakes, such as misdirecting a fax or losing a thumb drive, we are seeing more and … Continue Reading

HHS Provides Guidance on HIPAA Privacy in Emergency Situations Such as Ebola

Photo of Lynn SessionsPhoto of M. Scott KollerBy Lynn Sessions and M. Scott Koller on Posted in Uncategorized
In the wake of the recent Ebola outbreak, the U.S. Department of Health and Human Services (“HHS”) has issued a guidance on how the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) applies in emergency situations. The guidance attempts to strike a balance between preserving patients’ privacy rights and the need to disseminate information to … Continue Reading

Ebola Information Quarantine: Balancing Patient Privacy With Public Health

Photo of Lynn SessionsBy Lynn Sessions and Cory J. Fox on Posted in Uncategorized
Of all the complex legal issues raised by the recent cases of Ebola in the U.S., those concerning the delicate balance between preserving patients’ privacy rights and the need to disseminate information to protect public health may be overlooked by providers. First, the laws may seem complex, consisting of a patchwork of state-level privacy and … Continue Reading

Medical Information More Valuable to Hackers Than Credit Card Numbers

Photo of Lynn SessionsBy Lynn Sessions and Nita Garg on Posted in Uncategorized
In light of the recently reported large healthcare data breaches that have resulted in the potential theft of the personal information of millions of patients, the FBI warned healthcare providers yet again of the dangers of cyber attacks. Healthcare providers, already sensitive to the need for increased patient data protection in response to the 2013 … Continue Reading

Health System Pays $800,000 Fine for Leaving PHI in Doctor’s Driveway

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
While enforcement activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has focused primarily on a covered entity’s safeguard of electronic protected health information (ePHI), organizations cannot forget about PHI in nonelectronic form.  In 2009, a retiring physician filed a complaint with HHS against Parkview Health System, Inc. … Continue Reading

Get Ready! HHS OCR Announces Next Round of HIPAA Audits

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
To combat new risks associated with rapidly evolving health information technology, HIPAA and HITECH provide standards for the privacy of protected health information (PHI), the security of electronic protected health information (ePHI) and breach notification to individuals. HITECH also requires the U.S. Department of Health and Human Services (HHS) to perform periodic audits of covered … Continue Reading

OCR Settles Potential HIPAA Violations With County Government

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Uncategorized
To start 2014, HHS OCR issued its first resolution agreement of the year and its first settlement with a county government—signaling that even local and county governments, regardless of size, must safeguard the privacy and security of patient information in compliance with HIPAA. Skagit County, Washington (County), located in northwest Washington with approximately 118,000 residents, … Continue Reading
LexBlog