Health Care Matters

A Complimentary Newsletter From:

Law Offices Of David S. Barmak, LLC

Managing Risk for Long Term Care and Health Care Providers

Volume 14, Issue 5                    ADVERTISEMENT                      May 2013

In This Issue
Featured Article
Final Rule Results in Significant Changes to HIPAA
How Would You Answer This Question?



David Barmak, Esq.
Matthew Streger, Esq.
Brandon Goldberg, Esq.
Jennifer Cohen, Esq.
Aaron Rubin, Esq.






On January 25, 2013, the Department of Health and Human Services (HHS) published the final HIPAA omnibus regulations. These final rules broaden healthcare providers' HIPAA privacy, security, enforcement, and breach notification requirements. Specifically, the changes affect business associate agreements, notice of privacy practices, and individual rights.

Business Associate Agreements

Covered entities are required to enter into agreements with their business associates. These agreements, known as business associate agreements (BAA), must specify the permitted uses and disclosures of protected health information (PHI) as well as assign appropriate obligations and liability to the parties. Under the final rule, the definition of business associate was extended to include a number of entities not previously subject to many of the HIPAA rules.

Consequently, covered entities and their associates who now fall under these rules must update their BAA to reflect these recent changes in the obligations and liability of business associates. Among other things, BAAs must now state that business associates will:

  • Comply with the HIPAA security rule
  • Comply with the HITECH Act's privacy provision
  • Comply with the HIPAA privacy rule to the same extent as a covered entity when performing a covered entity's HIPAA obligation
  • Report breaches of unsecured PHI to covered entities
  • Ensure that subcontractors that create or receive PHI on behalf of a business associate agree to the same PHI restrictions that apply to the business associate

Notice of Privacy Practice

Pursuant to the HIPAA privacy rule, covered entities are required to maintain and distribute a Notice of Privacy Practices (NPP) that describes their HIPAA privacy practices. The required changes to the NPP include:
  • A description of the uses and disclosures of PHI that require authorization
  • A statement regarding the covered entity's use of PHI for fundraising purposes, as well as a statement detailing the individual's right to opt out of such communication
  • A statement that the covered entity is not permitted to use genetic information for underwriting purposes
  • A statement detailing the covered entity's obligation to maintain the privacy of PHI and of an individual's right to receive notification in the event of a breach of PHI. 

Individual Rights

The final rule expands or changes certain individual rights provided for under the HIPAA rule. Some of these individual rights include access to electronic records, restricted disclosures, decedent's PHI, and proof of immunization.


Effective and Compliance Dates


Recognizing that covered entities and business associates will need time to come into compliance with the final rules, HHS has stated that for most provisions, covered entities and business associates will have 180 days after the publication date of the final rule, making the compliance date September 25, 2013. In addition, HHS provided an additional one-year transition period to modify certain business associate agreements if the parties had an agreement in place on or before January 25, 2013, that complied with then applicable law and the contract is not renewed or modified between the effective date and the compliance date of the modifications to the final rules.





WHAT IF you read in the morning newspaper that an attending physician to some residents living in your skilled nursing facility (SNF) has been arrested on allegations of fraud but has not (yet) pled guilty?


There are risks to the SNF if the physician committed fraud, even if the SNF was unaware of the fraudulent behavior. There are numerous issues to consider; however, some of the top considerations include:


  - Consider suspending the physician's attending
  - Consider transferring care for the residents from the attending physician to the Medical Director;
  - Consider reviewing all medical charts for the services rendered by the attending physician.


Your goal is to determine if the physician was doing that which she/he has been accused of doing (e.g., review to see that the physician actually saw residents and that the physician did individualized assessments and treatments).


It is important to remember that in the United States, we are considered innocent until proven guilty; however, you do not have the luxury of waiting until a court of law decides issues of alleged fraudulent behavior. It is critical to proactively take appropriate, reasonable, measured steps based upon the information available to protect our residents, our employees and our facility.

Law Offices Of David S. Barmak, LLC

Our firm is dedicated to helping health care providers, such as skilled nursing facilities and other health care providers, and the suppliers of products and services to those providers, manage risk through comprehensive compliance programs that focus on early intervention through on-site training, communication, policy & procedure review, monitoring and consultation. The program includes on-site auditing and training in the areas of, but not limited to, fraud & abuse, HIPAA privacy & HITECH data security, employment, emergency preparedness, workplace violence, clinical documentation, sexual harassment and social networking.


The firm's compliance team includes experienced compliance attorneys, nurses, physical therapists, pharmacy consultants, information technology specialists, nurse practitioners, administrators, orthotists & prosthetists and EMS professionals, who are available to assist clients with pre and post Department of Health (DOH) survey procedures, respond to DOH questions, prepare for re-inspections, minimize risks for deficiencies, offer support to Directors of Nursing regarding accurate care plans, incident and accident reports and therapy notes, review Medicare billing and audit PPS/Medicare/Medicaid insurance documentation.


The recipient may, if the newsletter is inaccurate or misleading, report the same to the Committee on Attorney Advertising.


This newsletter has been prepared by the Law Offices Of David S. Barmak, LLC for informational purposes only and is not intended to provide legal advice. You should consult an attorney for advice regarding your individual situation. We invite you to contact us. Contacting us does not create an attorney-client relationship. Please do not send any confidential information to us until such time as an attorney-client relationship has been established.


For more information, please contact David S. Barmak, Esq.:

Telephone (609) 454-5351

Fax (609) 454-5361

Copyright, 2013.  Law Offices Of David S. Barmak, LLC.  All rights reserved.
No portion of these materials may be reproduced by any means without the advance written permission of the author.