Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more
6/28/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Information Technology ,
OCR ,
ONC ,
Personally Identifiable Information ,
PHI ,
Reproductive Healthcare Issues
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has continued its enforcement of HIPAA’s privacy and security rules in the new administration, announcing a number of settlements of...more
Summary -
Federal agencies will enforce Section 1557 of the Affordable Care Act to prohibit discrimination based on sexual orientation or gender identity. The announcement reverses an effort under the previous...more
The new year began with an unusual amount of activity related to the Health Insurance Portability and Accountability Act (HIPAA). Health care providers, health plans, health care clearinghouses, and business associates...more
On December 18, 2020, the United States Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) issued guidance specific to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and...more
Following a very quiet start to HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced eight settlements with covered entities and business...more
The Office of Civil Rights of the U.S. Department of Health and Human Services has issued guidance clarifying how HIPAA’s Privacy Rule permits covered entities (in particular, health care providers and health plans) or their...more
8/28/2020
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI
On March 20, 2020, the Office for Civil Rights (OCR) issued guidance in furtherance of its Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency. ...more
The Office of Civil Rights, U.S. Department of Health and Human Services, issued an update to its February bulletin, which outlined how the HIPAA privacy rules apply in a state of emergency....more
Although the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) may yet announce one or two year-end settlements, it appears that 2019 will be known more for the implementation of changes in...more
1/29/2020
/ Civil Monetary Penalty ,
Data Breach ,
Data Security ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
HIPAA Security Rule ,
OCR ,
Penalties ,
Personally Identifiable Information ,
PHI ,
Regulatory Reform ,
Regulatory Violations
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for failing to meet HIPAA privacy and security...more
10/28/2019
/ Civil Monetary Penalty ,
Data Breach ,
Electronic Medical Records ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Regulatory Violations
The Office for Civil Rights (OCR) at the Department of Health and Human Services announced it reached a settlement with Elite Dental Associates of Dallas (Elite) to resolve a complaint alleging Elite impermissibly disclosed a...more
10/8/2019
/ Calculation of Penalties ,
Corrective Actions ,
Data Breach ,
Disclosure Requirements ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Notice of Privacy Practices ,
OCR ,
Online Reviews ,
Personally Identifiable Information ,
PHI ,
Policies and Procedures ,
Regulatory Violations ,
Settlement ,
Social Media
With all of the attention on Health Insurance Portability and Accountability Act (HIPAA) requirements to safeguard the privacy and security of a patient’s health information, covered entities sometimes overlook the HIPAA...more
9/12/2019
/ Corrective Actions ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Hospitals ,
Medical Records ,
OCR ,
Patient Rights ,
Right-To-Access ,
Settlement Agreements ,
Statutory Violations
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more
6/5/2019
/ Business Associates ,
Corrective Actions ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Reform ,
HIPAA Breach ,
OCR ,
Risk Assessment ,
Risk Management ,
Security Standards ,
Settlement Agreements
The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care...more
After a quiet winter, the Department of Health and Human Services’ Office for Civil Rights (OCR) revived with the spring, issuing a set of frequently asked questions and two recent announcements. ...more
5/13/2019
/ Disclosure Requirements ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
Mobile Apps ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management
On May 6, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement with Touchstone Medical Imaging, LLC (Touchstone)...more
5/8/2019
/ Corrective Actions ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
Personally Identifiable Information ,
PHI ,
Security Rule ,
Security Standards ,
Settlement Agreements
The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that...more
5/6/2019
/ Business Associates ,
Civil Monetary Penalty ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
OCR ,
PHI ,
Regulatory Violations
After announcing that its HIPAA enforcement collections had reached a new high-water mark of $28.7 million in 2018, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services has started this year...more
On February 7, 2019, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services published the resolution agreement for its final HIPAA settlement of 2018. ...more
2/15/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Management ,
Electronic Medical Records ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Risk Management ,
Settlement Agreements
A relatively quiet year for HIPAA enforcement is ending with a small flourish. The Office of Civil Rights of the Department of Health and Human Services (HHS) has announced two settlements with covered entities within the...more
12/17/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Electronic Medical Records ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
Information Technology ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement Agreements
The Office of Civil Rights of the Department of Health and Human Services has announced settlements with three different Boston-area hospitals for allegedly compromising the privacy of protected health information by inviting...more
9/25/2018
/ Data Breach ,
Department of Health and Human Services (HHS) ,
Entertainment Industry ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI ,
Settlement ,
Television Programming
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication...more
12/1/2016
/ Cybersecurity ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Email ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Audits ,
OCR ,
PHI ,
Phishing Scams
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced an agreement with Catholic Health Services of the Archdiocese of Philadelphia (CHCS), settling allegations that CHCS violated the Health...more
7/25/2016
/ Business Associates ,
Corrective Actions ,
Data Breach ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
iPhone ,
OCR ,
Penalties ,
PHI
The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more