Let’s review for a moment.
It’s not a HIPAA violation to be a victim of ransomware.
It’s not a HIPAA violation to pay a ransom.
It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
10/16/2024
/ Compliance ,
Covered Entities ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Investigations ,
OCR ,
Patients ,
Popular ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Settlement
Now that the HHS Office for Research Integrity (ORI) has published its final rule revising 2005 regulations governing misconduct, compliance officials could be engaging in three activities simultaneously: checking to see if...more
10/1/2024
/ Academic Misconduct ,
Compliance ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Healthcare ,
HHS Office of Research Integrity (ORI) ,
New Regulations ,
NPRM ,
Policies and Procedures ,
Regulatory Requirements ,
Research and Development
Sheila Garrity, director of the HHS Office of Research Integrity (ORI), recently spoke to RRC about the agency‘s new rule revising research misconduct regulations, which has a compliance date of Jan. 1, 2026 (see related...more
Report on Research Compliance 21, no. 9 (September, 2024) -
How many types of falsehoods might sully applications for research funds and the studies they support? Unfortunately, the most recent semiannual report to...more
9/5/2024
/ Academic Misconduct ,
Compliance ,
False Claims Act (FCA) ,
False Reporting ,
Fraud ,
Government Agencies ,
Health Care Providers ,
Healthcare ,
HHS Office of Research Integrity (ORI) ,
Medical Records ,
National Science Foundation ,
OIG ,
Research and Development ,
Settlement
Report on Research Compliance 21, no. 9 (September, 2024) -
Based on their review of public data on ClinicalTrials.gov, a bipartisan quartet of U.S. representatives has asked the Food and Drug Administration (FDA) to...more
9/5/2024
/ Academic Misconduct ,
Artificial Intelligence ,
Audits ,
Biopharmaceutical ,
China ,
Clinical Trials ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Food and Drug Administration (FDA) ,
Fraud ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Institutional Review Board (IRB) ,
Life Sciences ,
National Science Foundation ,
Office for Human Research Protections (OHRP) ,
OIG ,
Reporting Requirements ,
Research and Development
Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more
8/21/2024
/ Corrective Action Plans (CAPs) ,
Cyber Attacks ,
Cybersecurity ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Healthcare ,
HIPAA Security Rule ,
Malware ,
OCR ,
Patients ,
Privacy Laws ,
Settlement
The Food and Drug Administration (FDA) has given Massachusetts Institute of Technology (MIT) 15 days from receipt of its June 21 warning letter to elaborate on corrective actions to address violations of federal requirements...more
8/6/2024
/ Antitrust Division ,
Chief Compliance Officers ,
Chief Ethics and Compliance Officers (CECO) ,
Code of Federal Regulations (CFR) ,
Compliance ,
Coronavirus/COVID-19 ,
Corrective Actions ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Ethics ,
False Statements ,
Food and Drug Administration (FDA) ,
Institutional Review Board (IRB) ,
National Science Foundation ,
Office of Laboratory Animal Welfare (OLAW) ,
OIG ,
Pharmaceutical Industry ,
Research and Development ,
Settlement Agreements ,
Technology Sector ,
Vaccinations ,
Warning Letters ,
Wire Fraud
“I am writing with good news!!! Yesterday, the 10th Circuit overturned Franklin’s only remaining conviction and ordered the trial judge to enter a verdict of NOT GUILTY!!! After five long and difficult years, Franklin has...more
Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...more
7/16/2024
/ Attestation Requirements ,
Breach Notification Rule ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Labeling ,
OCR ,
Patient Privacy Rights ,
Patients ,
PHI ,
Privacy Laws
Attorney Peter Zeidenberg was surprised to learn that NIH had successfully clawed back $3.6 million—plus a nearly 100% penalty—from Cleveland Clinic. The Department of Justice (DOJ) claimed the award funds were ill-gotten...more
6/10/2024
/ Clawbacks ,
Compliance ,
Corrective Action Plans (CAPs) ,
Department of Justice (DOJ) ,
Disclosure ,
False Claims Act (FCA) ,
Healthcare ,
National Institute of Health (NIH) ,
Regulatory Requirements ,
Settlement ,
Universities
New York Medical College (NYMC) officials thought the HHS Office of Inspector General’s (OIG) audit was wrapping up in December 2021, based on what “the original senior auditor” told them. But the auditor retired and work...more
5/24/2024
/ Auditors ,
Audits ,
Compliance ,
Department of Health and Human Services (HHS) ,
Educational Institutions ,
FCOI ,
Medical Research ,
National Institute of Health (NIH) ,
OIG ,
Policies and Procedures ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Research and Development ,
Research Funding ,
Scientific Research
Some funding applications submitted to NIH beginning Jan. 25 will face new requirements and undergo a revised peer review process. To prepare investigators and institutions, NIH launched a dedicated website with details about...more
5/24/2024
/ Audits ,
Compliance ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Food and Drug Administration (FDA) ,
Fund Applications ,
Grants ,
HHS Office of Research Integrity (ORI) ,
Informed Consent ,
Labeling ,
Logos ,
National Institute of Health (NIH) ,
National Science Foundation ,
Noncompliance ,
Prescription Drugs ,
Professional Misconduct ,
Required Documentation ,
Scientific Research ,
Terms and Conditions
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
5/13/2024
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Care Providers ,
Healthcare ,
Legislative Agendas ,
OCR ,
Patients ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...more
5/13/2024
/ Breach Notification Rule ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Facilities ,
Incident Response Plans ,
Medical Records ,
Patients ,
Popular ,
Privacy Laws ,
Ransomware
Some funding applications submitted to NIH beginning Jan. 25 will face new requirements and undergo a revised peer review process. To prepare investigators and institutions, NIH launched a dedicated website with details about...more
5/2/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Clinical Trials ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Healthcare ,
Life Sciences ,
National Institute of Health (NIH) ,
National Science Foundation ,
OIG ,
Professional Misconduct ,
Research and Development ,
Scientific Research ,
The Common Rule
In December 2022, Julie Kaneshiro—then deputy director of the HHS Office for Human Research Protections (OHRP)—disclosed that the agency had 32 positions but that only 20 were filled, leaving 12 vacant or “on hold,” due to...more
In September 2015, while working in an office on the grounds of Mercy Hospital in Miami, Ivette Maria Portela Martinez learned about an upcoming clinical trial for treatment of symptoms of Clostridium difficile infections and...more
3/27/2024
/ Clinical Trials ,
Criminal Conspiracy ,
Criminal Convictions ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
False Statements ,
Food and Drug Administration (FDA) ,
Health Care Providers ,
Healthcare ,
Investigations ,
Life Sciences ,
Medical Research ,
Pharmaceutical Industry ,
Popular ,
Research and Development ,
Scientific Research ,
Wire Fraud
Arguing that the National Science Foundation (NSF) was “intricately involved” when it made a $1.125 million fixed amount subaward, Oklahoma University (OU) objected to a recent finding by auditors for the NSF Office of...more
3/27/2024
/ Audits ,
Comment Period ,
Compliance ,
Draft Guidance ,
Food and Drug Administration (FDA) ,
Legislative Agendas ,
Life Sciences ,
National Science Foundation ,
Office for Human Research Protections (OHRP) ,
Proposed Legislation ,
Research and Development ,
SACHRP ,
Scientific Research
Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...more
3/12/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Employees ,
Enforcement Actions ,
Health Care Providers ,
Healthcare ,
HIPAA Security Rule ,
HIPAA Violations ,
Hospitals ,
Internal Investigations ,
Popular ,
Risk Assessment ,
Settlement
The HHS Office of Research Integrity (ORI) gets an “A” for effort on its new proposed regulation revising research misconduct rules, but maybe a “D” overall. Most of the nearly 200 comments on the proposed rule posted online...more
The Association of American Universities (AAU) and the Council on Governmental Relations (COGR) are among a handful of groups “urging the Biden administration to rescind a policy proposal that would threaten the American...more
2/26/2024
/ Auditors ,
Audits ,
Bayh-Dole Act ,
Biden Administration ,
Compliance ,
Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Environmental Protection Agency (EPA) ,
Innovation Patent ,
Inventions ,
Inventors ,
Medical Records ,
National Security Agency (NSA) ,
NIST ,
OCR ,
OIG ,
Patents ,
Personal Data ,
Rescission ,
Research and Development ,
Settlement ,
Technology Sector ,
Universities
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth.
In fact, in 2022, the Government Accountability...more
2/9/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Cyber Threats ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
GAO ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Telehealth
Moffitt Cancer Center’s recent $19.5 million settlement with the U.S. Department of Justice (DOJ) and the state of Florida resolving allegations that billing errors violated the False Claims Act (FCA) triggered a “fully...more
The Food and Drug Administration (FDA) is seeking strategies from Jeffrey W. Taub, M.D., to prevent future violations of human subject regulations the agency said were documented during site visits in September and October...more
1/30/2024
/ AAMC ,
Cancer ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
GAO ,
Healthcare ,
Legislative Agendas ,
Life Sciences ,
Medical Research ,
National Institute of Health (NIH) ,
National Science Foundation ,
OSTP ,
Proposed Legislation ,
Proposed Regulation ,
Regulatory Requirements ,
Scientific Research ,
Technology
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
1/17/2024
/ Amended Rules ,
Corrective Action Plans (CAPs) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Employee Training ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
OCR ,
PHI ,
Policies and Procedures ,
Proposed Regulation ,
Regulatory Reform ,
Right-To-Access ,
Security Risk Assessments ,
Settlement