Justice Dept. Demands Private #Patient Info From #Trans Youth #Medicine Providers
#AttorneyGeneral #PamBondi said Wednesday that “medical professionals and organizations that mutilated children in the service of a warped ideology will be held accountable.”
#privacy #hipaa #ag #doj
https://www.nytimes.com/2025/07/10/health/transgender-medicine-minors-trump-subpoena.html
NEW: Avantic Medical Lab hacked; patient data leaked by Everest Group:
https://databreaches.net/2025/07/09/avantic-medical-lab-hacked-patient-data-leaked-by-everest-group/
HHS' Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan:
This was a ransomware attack in 2023 claimed by LockBit. Deer Oaks was already under investigation for a prior breach and HHS OCR expanded their case.
Kentfield Hospital is a critical care hospital in California. They appear to have been the victim of a cyberattack by World Leaks, who claim to use an exfiltration-extortion model.
The hospital has not responded to an inquiry sent to it over the weekend, so they have neither confirmed nor denied any attack at this point, but I was able to preview the data tranche and reported on it all here:
Would you sign this form to take your kid hiking when you are there? I started going on hikes with my local Sierra Club group around 1990. They were a lot of fun and that's how I found out about many of my current favorite hiking locations. Paperwork was minimal, just sign a liability release form. Parents had to sign a release on behalf of their kids. Last year I decided to start leading hikes since nobody in the group was leading hikes to places I found interesting. I took some online classes and a first aid class and started leading some trips. But last month the national Sierra Club told us there is new paperwork for anyone under 18 that requires parents to disclose their child's birthday, doctor, all medications they're taking, and reason for taking the medication. They want these forms collected via insecure personal email or to fill out a paper form at the start of the event and trip leaders would then need to keep those forms at home. 
I said hell no I am absolutely not doing that. I told the state chapter I think these forms, especially the part about sending them via email, violate HIPAA rules to safeguard private health information. Was told nah it's fine. Even if that's true, trip leaders do not need this information since we can't administer meds and the parents are there. This whole thing creeps me out so much I've decided to find another group to volunteer for. Attached is the form. Am I overreacting? #SierraClub #PHI #HealthInformation #HIPAA
"The Trump administration violated federal privacy laws when it turned over Medicaid data on millions of enrollees to deportation officials last month, California Attorney General Rob Bonta alleged on Tuesday, saying he and 19 other states’ attorneys general have sued over the move."
https://apnews.com/article/trump-medicaid-immigrant-california-161f7e1b9087512d674258f32f822878
DATE: July 01, 2025 at 08:45AM
SOURCE: HEALTHCARE INFO SECURITY
Direct article link at end of text block below.
Who are the latest #software vendors in the #healthcare sector to disclose large #hacking incidents? https://t.co/ZcY39I9Db8
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.healthcareinfosecurity.com/ under the title "Latest"
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.
-------------------------------------------------
#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering
DATE: June 25, 2025 at 03:43PM
SOURCE: HIPAA Watch from JD Supra
Direct article link at end of text block below.
Court Vacates HIPAA Reproductive Information Privacy Regulations https://t.co/6LvusB0Y6E
Here are any URLs found in the article text:
Articles can be found by scrolling down the page at https://www.jdsupra.com/ under the title "Latest Updates".
-------------------------------------------------
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Most healthcare security and privacy posts related to IT or infosec are at @rsstosecurity
-------------------------------------------------
DATE: June 24, 2025 at 05:35AM
SOURCE: PsychBilling Coach In the News by Susan Frager
-------------------------------------------------
TITLE: In-Person visit required!? Deadline in just over 60 days!
URL: https://psychbillingcoach.com/news/is-in-person-visit-required-again/
If you see Medicare clients via telehealth, the question is still looming: will Medicare resume the requirement to have an in-person visit prior to being seen via telehealth?
On October 1, 2025, the answer will once more be yes unless Congress acts. Since the start of COVID in 2020, this drama plays out every year (or more often), causing anxiety among therapists and clients. Will Medicare extend the waiver they put in place during the COVID days that allows clients to be seen via telehealth without first having an in-person visit? If they extend the waiver yet again, postponing a decision, how long will the extension last this time? Will they ever come to their senses and make telehealth without face-to-face evaluation permanent?
It’s been like the old TV soap operas: tune in tomorrow!
Now, once again, legislation has been introduced that would permanently remove the Medicare in-person visit requirement. It’s called the Telemental Health Care Access Act of 2025. Click here to read the press release from Doris Matsui (D-CA) and her fellow sponsors in the House and Senate.
Before you get your hopes up or make practice-altering decisions: so far, this is just a bill. It still has to pass both houses of Congress and receive presidential approval. But in the current volatile climate of unprecedented political upheaval and a new war, it’s going to be hard for any piece of legislation right now, however important it is to mental health professionals and our clients, to compete with “The Big Beautiful Bill” for everyone’s attention. The outcome of THAT mammoth piece of legislation is likely to have an influence on our field that goes far beyond whether Medicare clients can be seen via telehealth without having first had a face-to-face visit.
What are the in-person visit rules?
If the waiver expires without Rep. Matsui’s bill becoming law, Medicare’s coverage rules for telehealth revert to:
• The client must be treated or evaluated on an in-person basis within the 6 months prior to the first telehealth session.
•
• At least one follow-up in-person visit every 365 days thereafter.
•
But…as always, there are exceptions.
If a client begins treatment and is seen via telehealth prior to the expiration of the waiver on September 30, 2025, they wouldn’t be required to have an in-person visit after October 1 before having telehealth again just because the waiver expired. However, going forward, they would still be required to have at least one face-to-face visit every year.
And, whether or not a client was already in treatment before September 30, the in-person visit requirement can also be waived on a case-by-case basis if
…the physician or practitioner and patient agree that the risks and burdens outweigh the benefits associated with furnishing the in-person item or service, and the practitioner documents the reasons for this decision in the patient’s medical record.
Center for Connected Health Policy, February 4 2025 (emphasis on documentation is mine)
Does this apply to Medicare Advantage?
Medicare coverage, rules, and reimbursement rates are always a matter of law and are set by Congress. Typically, they apply to commercial Medicare “Advantage” plans as well as Original Medicare.
What makes “Advantage” plans so difficult, though, is understanding all the Medicare rules on top of the confusion and lack of clarity that always seems to accompany dealing with commercial insurance companies. It’s a double whammy, because insurance payers do have some flexibility in how they structure their Medicare “Advantage” products.
If you’re stumped by Medicare, Medicare Advantage, billing issues, or any other insurance conundrum, I’m always available to help. My 4-hour All Things Medicare webinar is also a great resource to ensure that lack of knowledge of the rules doesn’t turn into your next big clawback.
URL: https://psychbillingcoach.com/news/is-in-person-visit-required-again/
Articles can be found by scrolling down the page at https://psychbillingcoach.com/news/ under the title "In the News".
-------------------------------------------------
This robot is unaffiliated with PsychBilling Coach.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Unofficial Psychology Today Xitter to toot feed at Psych Today Unofficial Bot @PTUnofficialBot
Psychology news and research articles at Psychology News Robot @PTUnofficialBot
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE: http://subscribe-article-digests.clinicians-exchange.org
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
-------------------------------------------------
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #psychiatry #healthcare #psychotherapist #doctors #psychotherapist #hospital #HIPAA #privacy #BAA #patientrecords #telehealth #medicalbilling #SusanFrager
4 More States Caught Sharing Personal Health Data With Big Tech
State-run health care websites around the country, meant to provide a simple way to shop for insurance, have been quietly sending visitors’ sensitive health information to Google and social media companies
https://www.kqed.org/news/12045084/4-more-states-caught-sharing-personal-health-data-with-big-tech
IANAL, but wouldn't #HIPAA still apply?
This asshole:
“U.S. District Judge Matthew Kacsmaryk in Amarillo, Texas, said the U.S. Department of Health and Human Services exceeded its powers and unlawfully limited states’ ability to enforce their public health laws when it adopted the rule last year.
The rule prohibits healthcare providers and insurers from giving information about a legal abortion to state law enforcement authorities who are seeking to punish someone in connection with that abortion.”
US judge invalidates Biden rule protecting privacy for abortions | The Mighty 790 KFGO | KFGO https://kfgo.com/2025/06/18/us-judge-invalidates-biden-rule-protecting-privacy-for-abortions/
Privacy rights make it harder for fascists to achieve their end goals.
They want to create autism lists
They want lists of those “likely to seek abortion”
They want lists of trans people
Nazis also created lists. Of Jewish people, disabled people, LGBTQ+ people and anyone who spoke out against the “regime”.
They will not use these lists for good. Patients deserve privacy.
The latest violation?
“A 2024 federal rule that shielded reproductive health information from disclosure to law enforcement when care was legally obtained, such as in another state with abortion access, was struck down by a federal judge in Texas on Wednesday evening”
Even if you legally obtain an abortion, they will be able to access that information.
They want to squash our reproductive freedoms.
Alleged Geisinger hacker will defend himself pro se.
What's that old adage about someone defending themself instead of using a lawyer? That they have a fool for a client?
I've uploaded two of his filings -- the motion to defend pro se, which was granted, and now an emergency motion to be temporarily released from prison because... well, he gives some reasons. You'll see.
https://databreaches.net/2025/06/18/alleged-geisinger-hacker-will-defend-himself-pro-se/
And fwiw, Nuance never responded to my inquiries at the time of his arrest asking about what kind of background check they had done because his history revealed a number of past run-ins with the law.
NEW by me:
Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
Defense counsel for Hankins & Sohn claims that the attack they experienced in February 2023 was "unforeseeable." Was it really?
Jackson Health System has disclosed another insider-wrongdoing breach. This one affected about 2000 patients. The employee's motivation was reportedly related to boosting their personal healthcare business.
In their notice, JHS tries to portray themself as a victim. That didn't go over too well with me, as this is not the first time they have had a long-running insider wrongdoing breach.
In 2019, they settled HHS OCR charges after three breaches -- one of which involved insider wrongdoing over 5 years that affected 24k patients. There was no corrective action plan as part of the settlement. Perhaps there should have been?
Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach:
Another sickening insider-wrongdoing case in the healthcare sector:
North Shore University Sleep Disorders Center employee charged with secretly recording patients in restrooms:
https://databreaches.net/2025/06/04/north-shore-university-sleep-disorders-center-employee-charged-with-secretly-recording-patients-in-restrooms/
The employee was actually arrested back in 2024, but some of the details have only been coming out in the past month or so.
Texas gastroenterology and surgical practice victim of ransomware attack:
InterLock has dumped a lot of data with #PHI from Texas Digestive Specialists. The medical group does not appear to have either confirmed nor denied any claimed breach, but there are a ton of pathology reports on Texas Digestive Specialists letterhead that I saw in the tranche:
DATE: May 28, 2025 at 04:18PM
SOURCE: PsychBilling Coach In the News by Susan Frager
-------------------------------------------------
TITLE: Minor Differences to Evaluate…
URL: https://psychbillingcoach.com/minor-differences/
When making your choice between using a mega-platform and billing/credentialing services. Ready for the onslaught? Four infographics of minor differences, starting now.
One thing to keep in mind: the platform entities aren’t all the same. Not every feature listed on the “platform” side of these infographics will necessarily be true of all mega-platforms.
I present these differences because, while it’s exciting to have more choices for managing private practice than in past decades, it doesn’t mean clinicians should leap before they look.
More minor differences, # 2:
I’ll keep going. In fact, I’m only halfway through.
The fourth and final infographic:
I probably could have come up with a fifth infographic, but then I’d have had to think. Listing these minor differences took about 5 minutes on a Word document while on hold one day. And then an hour (or more) with Canva. I’m not great with the tech stuff…
The intent here isn’t to judge, or for you to feel ashamed or defensive if you use a platform. In fact, probably half the clinicians I work with do use one. The fact that the platforms expedite credentialing and contracting, especially, is a great way for professionals to start a practice more quickly than they might be able to, otherwise.
With that said, my goal here and in A Biller’s Perspective has been to help you examine the whole picture and clarify your choices. Barbara Griswold provides an excellent, comprehensive list of questions to ask and issues to investigate during the “due diligence” phase of evaluating whether you want to work with one or more of the platforms.
You have tough decisions to make if you’re starting a practice! And I’m here to help you learn about private practice when taking insurance. With or without the mega-platforms.
Next time back to “Death by 1,000 Cuts,” where I’ll be exploring the numerous frustrations involved in electronic data interchange enrollment. Fun stuff, right?!
Want more discussion on this topic? I’ll be discussing the platforms TOMORROW with Sarah O’Brien, LCSW, Thursday, May 29th, at 8am pacific/11am eastern on The Healing Hour podcast.
Or check it out on YouTube afterwards!
URL: https://psychbillingcoach.com/minor-differences/
Articles can be found by scrolling down the page at https://psychbillingcoach.com/news/ under the title "In the News".
-------------------------------------------------
This robot is unaffiliated with PsychBilling Coach.
Private, vetted email list for mental health professionals: https://www.clinicians-exchange.org
Unofficial Psychology Today Xitter to toot feed at Psych Today Unofficial Bot @PTUnofficialBot
Psychology news and research articles at Psychology News Robot @PTUnofficialBot
NYU Information for Practice puts out 400-500 good quality health-related research posts per week but its too much for many people, so that bot is limited to just subscribers. You can read it or subscribe at @PsychResearchBot
Since 1991 The National Psychologist has focused on keeping practicing psychologists current with news, information and items of interest. Check them out for more free articles, resources, and subscription information: https://www.nationalpsychologist.com
EMAIL DAILY DIGEST OF RSS FEEDS -- SUBSCRIBE: http://subscribe-article-digests.clinicians-exchange.org
READ ONLINE: http://read-the-rss-mega-archive.clinicians-exchange.org
It's primitive... but it works... mostly...
-------------------------------------------------
#psychology #counseling #socialwork #psychotherapy @psychotherapist @psychotherapists @psychology @socialpsych @socialwork @psychiatry #mentalhealth #psychiatry #healthcare #psychotherapist #doctors #psychotherapist #hospital #HIPAA #privacy #BAA #patientrecords #telehealth #medicalbilling #SusanFrager
