Hinshaw & Culbertson LLP

Hinshaw is a national law firm with approximately 425 lawyers. We offer a sophisticated legal practice, with an emphasis in litigation, consumer financial services, corporate and business law, environmental, health care law, labor and employment law, professional liability defense, and wealth preservation and taxation matters. Our attorneys provide services to a range of for-profit and nonprofit clients in industries that include construction, financial services, health care, insurance, legal, manufacturing, real estate, retail and transportation. Our clients also include government agencies, municipalities and schools.

It can be tempting for a business to push back on a negative review on social media. However, health care providers cannot disclose patients’ protected health information (PHI) in response to negative reviews posted on social media. In June 2016, a patient filed a complaint with the U.S. Department of Health & Human Services Office for Civil Rights (OCR) alleging that their dental service provider had responded to the patient’s social media review on Yelp by disclosing the patient’s last name and details of their health condition. The OCR investigation found the dental office had disclosed PHI of multiple patients…
I recently published an article in the Journal of Health Care Compliance that provides compliance tips on how to pass State Board of Pharmacy inspections. Passing these inspections is important because any compliance deficiencies identified during the process can result in suspension or revocation of a pharmacy license and PBM contract terminations. In addition to addressing best practices for the inspections, the article provides checklists and forms to help reduce compliance-related risks. Other topics covered include the Multistate Pharmacy Inspection Blueprint Program and an exploration of the State Boards of Pharmacy’s right to inspect. Read “Compliance Tips on How to Pass
On September 9, 2019 the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services announced its first enforcement action and settlement of its Right of Access Initiative. This follows an OCR announcement earlier this year of its intention to vigorously enforce patients’ rights to promptly receive copies of their medical records, without being overcharged. A 480 bed Florida hospital paid OCR $85,000 and adopted a corrective action plan in settlement of the claimed violation of HIPAA’s right of access because the hospital failed to provide a mother timely access to records about her unborn child.…
Hospitals operating in Florida need to be aware of a new Florida law that voids noncompete agreements between doctors and their employers. Specifically, Section 542.336 of the Florida statutes voids noncompete agreements between physicians and specialty physician groups where the group employs all the specialty physicians in a given Florida county. An oncology service provider had sued in federal court, arguing the law amounted to special interest legislation and did not serve a legitimate public purpose, as required by the U.S. Constitution’s Contracts Clause. On our sister blog, Employment Law Observer, Hinshaw’s Megan Coughlin discusses the court’s decision in…
A HIPAA Business Associate (“Business Associate”) is an individual or entity who performs or furnishes activity or service for or on behalf of a HIPAA Covered Entity (“Covered Entity”) involving the use or disclosure of protected health information (“PHI”). The HITECH Act and OCR’s HIPAA Security final rule provides the U.S. Department of Health & Human Services Office for Civil Rights (“OCR”) with authority to take enforcement action against Business Associates only for those requirements and prohibitions of the HIPAA Rules outlined below. Based on recent guidance provide by OCR, Business Associates should implement a HIPAA compliance program and document…
Over on the Hinshaw & Culbertson LLP website, we review revisions by the Centers for Medicare & Medicaid Services (CMS) to the regulations for the Programs of All-Inclusive Care for the Elderly (PACE), which make significant changes to ownership restrictions, compliance program monitoring and oversight requirements, staffing requirements, marketing, and participants’ rights. The changes will provide greater administrative and operational flexibility for PACE organizations and includes multiple incentives for the growth and development of PACE Programs, making PACE program development a tremendous business opportunity for any health care provider organization that serves a large Medicare patient population.…
I recently had opportunity to publish an article in the DRI Medlaw Update regarding the challenges posed by Electronic Health Records (EHRs) technology within the context of medical malpractice cases. In the article, I address how EHRs operate and how they differ from the more familiar paper medical chart. First, I explore the concept of “export distortion” and its impact on producing a patient’s chart from within an EHR system. Next, I review the issue of EHR audit trails, and how they relate to disputes over the authenticity of reliability of a patient’s medical record. Finally, I analyze the critical…
The California Department of Managed Health Care (the “DMHC”), which regulates Health Care Service Plans, recently adopted a regulation regarding general licensure requirements for health care providers (“Entities”) that accept global risk, as defined by the Knox-Keene Health Care Service Plan Act of 1975 (“Knox-Keene Act”). Taking effect this week (July 1, 2019), the regulation is codified in California Code of Regulations, title 28, section 1300.49. The new law will require most Entities to file their health plan contracts and request an exemption any time they enter into or renew a health plan contract during the next 12 months,…
I recently published an article in the Journal of Health Care Compliance that provides on overview of the many legal issues raised by the practice of telemedicine services by federally qualified health centers (FQHCs) and rural health centers (RHCs). Because of the many benefits conferred by this health care service modality, FQHCs and RHCs are rapidly adopting telemedicine measures. However, there are many legal risks and compliance issues associated with the use of telemedicine, and in the article I discuss a series of compliance best practices that can help reduce the associated fraud and abuse risks. Read “Federally Qualified
State Boards of Pharmacy are responsible for protecting the health, safety and welfare of the public by regulating the legal distribution of prescription drugs in their respective states, and ensuring the quality of all drugs administered, prescribed, distributed, or dispensed by prescription. That responsibility includes regulating the practice of pharmacy; administering and enforcing pharmacy practice acts and regulations in their respective states; and licensing, regulating, monitoring, investigating, and disciplining pharmacists and pharmacies. A State Board of Pharmacy may reprimand, cancel, suspend, or revoke the license of a pharmacist or pharmacy that is found to have violated applicable pharmacy laws or…
A Managed Care Organization (MCO) contracts with providers to create provider networks that deliver health care services at discounted rates. The plan accessing the provider network may offer a Coverage Agreement issued by the MCO. In the alternative, the plan accessing the provider network may be a self-funded plan offered by an employer that contracts with the MCO to access the MCO’s network to apply its discounted rates to the self-funded plan’s Coverage Agreement. Providers are either reimbursed by the MCO’s plans or by the self-funded plans accessing the network and offering benefit plans to employees. Providers assume the MCO…
The national opioid crisis has triggered an avalanche of lawsuits around the country. Pharmaceutical manufacturers and distributors are often among the named defendants, but other entities are also at risk. The wide variety of claims that figure in these lawsuits means that all health care industry participants should evaluate their risk of being subjected to an opiate-related claim. Many of these suits are being consolidated into multidistrict litigation (MDL), while others are being handled as individual claims. Here are several recommended action items based on the claims and facts alleged in many of the opioid-related lawsuits consolidated in the Opiate…
Wellness programs have quickly found favor with many employers: studies indicate that nearly half of employers who sponsor a health plan offer a wellness program. However, wellness programs have been operating under cloud ever since a federal court decision invalidated guidance issued by the EEOC that an incentive to participants equal to 30% of the cost of coverage under the group health plan was permissible. In December 2018, the EEOC revoked its guidance and the agency is expected to offer new guidance later in 2019. On our sister blog Employment Law Observer, Hinshaw’s Anthony Antognoli discusses how employers face…
Wellness programs have quickly found favor with many employers: studies indicate that nearly half of employers who sponsor a health plan offer a wellness program. However, wellness programs have been operating under cloud ever since a federal court decision invalidated guidance issued by the EEOC that an incentive to participants equal to 30% of the cost of coverage under the group health plan was permissible. In December 2018, the EEOC revoked its guidance and the agency is expected to offer new guidance later in 2019. On our sister blog Employment Law Observer, Hinshaw’s Anthony Antognoli discusses how employers face…
Cybersecurity is a significant and growing compliance risk for health care organizations. If your organization fails to protect patients from cybersecurity risks, the result could be serious fines and penalties for non-compliance with federal and state cybersecurity and data breach laws. The good news is that the U.S. Department of Health & Human Services (“HHS”) recently released voluntary cybersecurity guidance for health care organizations. The guidelines could help you avoid a HIPAA enforcement action similar to these cybersecurity settlements:  $750,000 University of Washington Medical School Clinic settlement for an employee opening an spam email that contained malware that allowed hackers…
On January 14, 2019, the U.S. Department of Health and Human Services Office of the Inspector General (the “OIG”) issued Advisory Opinion 19-01, which was favorable to a federally qualified health center’s (“FQHC’s”) proposal to routinely waive co-payments and/or deductibles for Medicare and TRICARE patients (the “Proposed Arrangement”). The particular FQHC that made the request is a pediatric clinic that provides medical, psychiatric, and dental care to children who reside in an area that contains disproportionately large numbers of children living in poverty. Under the Proposed Arrangement, the FQHC would waive applicable patient co-payment and/or deductible amounts but bill…