HIPAA — Are Healthcare Providers doing their own Version of Captain America’s 70 year “Sleep?”

 

hipaa-complaint

     One of my favorite of the recent spate of Marvel superhero movies is “Captain America: The First Avenger”.  In that movie, Captain America fights Red Skull to protect earth from utter destruction.  One scene near the end of the movie actually makes me think of HIPAA.  Captain America awakens in a 1940s-style hospital room. Deducing from an outdated radio broadcast that something is wrong, he flees outside and finds himself in present-day Times Square, where S.H.I.E.L.D.  Director Nick Fury informs him that he has been “asleep” for nearly 70 years.
     When we discuss HIPAA with healthcare providers, we find that many simply do not take it very seriously.  The “teeth” of HIPAA regulations seem not to have been vigorously enforced in the past, leading many providers to believe there is little reason to worry about the details, thinking it was all bark, but no bite. As time has gone by, while some physicians and groups have tried to stay updated and compliant, many have taken no steps whatsoever, actually creating more chaos.  For example, when we first moved back to Missouri a few years ago, my wife took our kids to the doctor for the first time, and she was asked to fill out one form and put all the kids’ names on it, so that the practice could request their records from Michigan.  When the Michigan office got the form they then informed my wife that she had to fill out a form for each child to request records.  However, our new Missouri doctor said that the Michigan office was just being “overly cautious,” and that the one form should have been all that they needed.  We finally got the kids records, but it was rather difficult when one practice took HIPAA seriously and the next office did not.
     Within the last few years or so, the Department of Health and Human Services seems to be putting much more emphasis on the “bite” of HIPAA, and essentially to try to wake up those ignoring the HIPAA legislation from their Captain America “sleep”.  In 2014, HHS started conducting audits to find out whether covered entities were complying with the law.  The audits found that only 2-5% of those audited were actually in full compliance with HIPAA.  After this report, the Office of Inspector General (OIG) recommended that HHS begin implementing a permanent audit program to ensure compliance with HIPAA.  The enforcement efforts of these two agencies are effectively waking up many who are covered by HIPAA from their Captain America “sleep”, but just like in the movie, that awaking is not a relaxed, easing out of bed, but a cold slap-in-the-face type of awaking.
     As the enforcement efforts expand, HHS began another round of audits this year, and will actually be increasing the number of audits that will be conducted. Several covered entities have received notification that they are among the first round to be audited.  As random audits take place, every doctor, group, hospital, clinic, and other covered entities required to comply with HIPAA must awaken from their Captain America “sleep” as well, or they could face massive fines being imposed upon them for non-compliance.
     When we speak with doctors about HIPAA, most tell us that the law is simply an annoyance with which they would prefer not to hassle.  When we explain our detailed system for providing complete HIPAA compliance protection, many simply rely upon the fact that they “have never been audited before”, so they assume that they’re safe and won’t ever be audited. We point out that, just as it is too late to buy malpractice insurance after one has been sued, it likewise makes no sense to take chances on HIPAA compliance by waiting to see what happens.  The “sleep” from which they may awaken the day an auditor shows up in their office will be a harsh and sudden, and far too late to prepare for what might come from the audit being conducted. Likewise, many also seem to believe that if they are audited, they are either already compliant enough, or that any fine assessed against them will not be significant. That belief tends to ignore the very statistics (noted above) regarding how few providers have actually been found to be in compliance through the audits already conducted.
     While the details of HIPAA law are rather complex, it is pretty straight-forward about some of the basics — what it is you need to have and need to do — to comply with HIPAA.  You must have a HIPAA policy and procedure manual specific to your practice (so those who buy generic “manuals” on the internet are still asleep, as those simply do not constitute full compliance).  You must fully train every person on your staff on those policies and procedures at least twice a year (and you can’t “sleep” through this process with a short pamphlet for the staff to read). Likewise, you must conduct a thorough risk analysis at least twice a year to look for vulnerabilities and make sure you’re staying in compliance. Given that this is the hardest part of HIPAA compliance generally, one can see why physicians haven’t “awaken” to this part of the process.
     Those who are subject to HIPAA laws need to continually monitor the ever-changing regulations to stay aware of any updates or revisions that need to be made to their manual, training materials, and the type of risk analysis to be conducted.  There is a lot to do to stay in full compliance and it is clearly time for physicians and healthcare entities to wake from their sleep in order to be ready. Otherwise, that awakening will seem much like it did for Captain America, with a shock-to-the-system type of reaction the day the auditors appear.
#confidential #dentist #doctors #HIPAA #liability #medical practice #medical records #patient’s privacy

 

Nothing posted on Evidentiary Matters is to be considered legal advice or advertising.
The choice of a lawyer is an important decision and should not be based solely upon advertisements.

Save

Save

Save

“The Sky’s the Limit” – But How Much for Drones?

Drone flies from hotel near Space Needle

     In our last article, we reported on the rise in interest and use of personal drones or “quadcopters”. On almost a daily basis now, one can find a news story about drone incidents or videos of the stunning pictures that users can take from the sky, as they are increasingly being used to capture aerial footage. Such use poses privacy and trespass concerns, and there obviously are also safety concerns. However, drone usage seems to be outpacing the development of laws or regulations that might govern them

     It only seems logical that the Federal Aviation Administration (“FAA”) would be the first place to look for laws regulating the operation of drones. Surprisingly, however, attempting to do so is akin to playing a game of connect-the-dots without the benefit of the numbers. First, when the FAA’s regulations were initially promulgated over a half-century ago, nothing in them specifically regulated the operation of drones. Second, it was only over time that the FAA, in a piecemeal-fashion, started to address the operation of drones by issuing a series of “advisory circulars” and policy statements.

      Because of the ambiguity, vagueness, and over-breadth of these advisory circulars and policy statements, the regulation of drones currently remains in a state of flux. The FAA essentially stuck its regulatory nose in drone usage in a situation that ended in a case styled FAA v. Pirker. Raphael Pirker was contracted by the University of Virginia to shoot a publicity video of the campus, for which he used his camera-equipped drone. Upon learning of this, the FAA fined Pirker $10,000 for violating its regulations restricting the use of “commercial” drones. Last March, however, a federal administrative law judge sided with Pirker, holding, in essence, that Pirker’s drone constituted a model aircraft, and, because the FAA did not have regulations governing model aircraft, the FAA’s rules restricting the use of commercial drones were non-binding and non-regulatory. Rather, Pirker was subject only to the FAA’s “requested voluntary compliance” rules (FAA Advisory Circular 91-57) for model aircraft hobbyists: flying below 400 feet; selection of an operating site of sufficient distance from populated areas; and not flying the model aircraft within three miles of an airport without first notifying the control tower or flight service station. Since the FAA is appealing, the decision has, in effect, been stayed.

      The FAA has been tasked by Congress to design new regulations by September 2015 governing the use and operation of drones. In furtherance thereof, the FAA, in 2013, released its roadmap on the integration of unmanned aircraft into national airspace. Since last year, 13 states have enacted their own laws regulating the operation and use of drones. These state laws are not uniform and, although many are applicable to state agencies, some apply to private operators as well. In Tennessee, it is illegal to use a drone to photograph hunters and fishermen without their consent. It is illegal in Wisconsin to equip a drone with a weapon. Texas and Montana prohibit a private operator from using a drone to conduct surveillance of or photograph an individual on private property without first obtaining the individual’s consent. A drone operator in Oregon is prohibited from flying a drone less than 400 feet over another person’s private property without first obtaining consent of the owner or resident.

      So far this year, 36 states attempted to follow the 13 other states by introducing or attempting to pass legislation regulating the operation and use of drones. Many of these states will revisit these issues during their next legislative sessions. What this means is that, in order to fill in the void created by the FAA, more and more states are passing their own laws regulating the operation and use of drones, whether directed to state agencies or private individuals or both.

      Although a drone operator may be familiar with his state’s laws (or the absence thereof), he should become familiar with drone laws of other states when operating drones in those states. Coining an old (but still viable) adage, “Ignorance is no excuse of the law.” Recently a tourist in Seattle, Washington operated a drone from his fifth floor hotel room, photographing visitors on the observation deck (520 feet above ground) of the Space Needle. Fortunately for the operator, the State of Washington had no laws prohibiting him from operating his drone in this manner.

     As technology changes, so does society; and as society changes, so do laws. In other words, the drones are here, and not far behind are increasing (and differing) laws regulating their operation and use.

 

#drones  #remotely piloted vehicles  #quadcopter  #personaldrones  #FAA  #state laws

Nothing posted on Evidentiary Matters is to be considered legal advice or advertising.
The choice of a lawyer is an important decision and should not be based solely upon advertisements

Personal Drones Invade the Legal World

Drones Invade the Legal World

Personal Drones Invade the Legal World

     They are referred to as unmanned aircraft (“UA”), unmanned aerial vehicles (“UAV”), unmanned aerial systems (“UAS”), remotely piloted aircraft (“RPA”), remotely piloted vehicles (“RPV”), and remotely piloted air systems (“RPAS”). Some of these terms are uniquely distinguishable from others, but they have all been found to fall under one generic category – drones. After all, “a rose is a rose . . .”—and you know the rest. To further sub-categorize, drones fall into two classes: fixed-wing drones that fly similar to an airplane; and vertical take-off and landing drones (“VTOL”), which are similar to helicopters. Although some VTOLs have more than four propellers, a typical VTOL has four propellers and is often referred to as either a “quadcopter” or “quad.” The quadcopter is the most popular drone among private users of drones.

     With all of the publicity and discussion in the media about military drones, many people do not realize that individuals can purchase and own drones. Small quadcopters, about the size of an adult hand, can cost approximately $30, and have a range of up to 50 feet. Camera-equipped quadcopters, approximately 18 inches in diameter, can be purchased for as low as $150 while more sophisticated models can be of larger diameter and cost up to $3,000. Depending on the type of model and price, quadcopters can have a range of up to two miles and potentially reach altitudes of several hundred feet. Currently, no training or licensure is required to operate personal quadcopters. As a result of these factors, and the ease of take-offs and landings, quadcopters are gaining popularity in the recreational sector and certain businesses. One of the larger manufacturers of small quadcopters, DJI, is believed to sell approximately 10,000 units weekly. However, just as with the introduction of the automobile a little over a century ago, legal issues now loom on the horizon for drones and those who use them.

     In all likelihood, the most prevalent types of legal issues involve personal injuries and property damage. For example, in a recent incident, while a photographer was attempting to secure aerial photographs of a bride and groom using a camera-equipped quadcopter, he lost control of it and it hit the groom in the head, causing lacerations to his eye and cheek. [Fortunately for the photographer, the groom was very forgiving and understanding.] In another incident in Virginia, a quadcopter crashed into a crowd of spectators watching an event and injured four people. In Manhattan, a quadcopter flew into the side of a high-rise building and plummeted to the sidewalk 300 feet below. Likewise, an athlete in an Australian triathlon was seriously injured when a quadcopter collided with her. While some injuries are caused by operators losing control of the device, other injuries result from the quadcopter simply falling from the sky after exceeding its range limit or from battery failure.

     Aside from personal injury and property damage, using drones could result in other legal actions such as invasion of privacy and trespassing. Recently, in Portland, Oregon, a tenant spotted a quadcopter hovering outside a window of her 26th-floor apartment. As it turned out, the quadcopter was being operated by a developer who was photographing a site for a 20-story office building. One can imagine the claims that might be made if someone were to secure potentially embarrassing photographs of an individual who believes they are safely behind a high privacy fence.

     At this time, private use of drones have been banned in all of America’s 401 national parks. This past April, a quadcopter disturbed a herd of bighorn sheep at Zion National Park, resulting in the adults becoming separated from the younger animals. But as with other developing technologies and hi-tech toys, drones are here and are gaining in popularity. Recreational owners of quadcopters should be sure that they are covered by liability insurance. Although specific language about “drones” is almost certainly lacking (at this point) in most homeowner insurance policies, some policies will generally cover personal injury and property damage resulting from quadcopters. Owners of quadcopters should either read their policies or contact their insurance companies to be certain. While homeowner policies might cover private personal use, coverage may not apply if quadcopters are used for business purposes (e.g., securing photos for sale or business use, etc.). But there can be a very fine line regarding what constitutes a business versus personal use, such as farmers using drones for monitoring their crops. At this point, under general policy coverages, claims and lawsuits for invasion of privacy and trespassing might not be covered. Some insurance companies provide coverage specifically for the operation of quadcopters. However, the cost of premiums may depend on the owner’s training and expertise in the operation of quadcopters, as well as the use to which it is put. The bottom line: having fun with this hobby can come at a cost, a cost for which you should be prepared.

[This is the first in a planned series of articles on the subject of legal issues related to personal drones and their use.]

#drones  #remotely piloted vehicles  #quadcopter  #personaldrones  #personalinjury  #propertydamage  #invasionofprivacy  #trespassing

Nothing posted on Evidentiary Matters is to be considered legal advice or advertising.

The choice of a lawyer is an important decision and should not be based solely upon advertisements