News & Analysis as of September 17, 2024

Business Associates › Cyber Attacks › Office of Civil Rights

+ Follow

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc. less -

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on 5/13/2024

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on 1/5/2024

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Business Associate Agrees to $100,000 Settlement Following Cyber Attack

Saul Ewing LLP on 11/9/2023

On Halloween, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $100,000 settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’...more

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Health Care Compliance Association (HCCA) on 12/10/2021

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

HIPAA Security And “Zero Day” Exploits: How To Stay Ahead Of The Hack

Fox Rothschild LLP on 4/5/2019

HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities...more

How Can Healthcare Organizations Prepare for the Next Cyberattack?

Latham & Watkins LLP on 7/11/2017

HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

Balch & Bingham LLP on 6/19/2017

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

Mintz - Health Care Viewpoints on 6/14/2017

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

Robinson+Cole Data Privacy + Security Insider on 12/5/2016

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

Robinson+Cole Data Privacy + Security Insider on 12/2/2016

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

OCR Issues Guidance on Ransomware Attacks and Determining Whether a Reportable HIPAA Breach Exists

Parker Poe Adams & Bernstein LLP on 8/15/2016

The Office of Civil Rights (“OCR”) has issued new guidance in connection with an increase of malicious cyberattacks, namely ransomware attacks on healthcare organization’s computer systems. Ransomware is a defined by HHS as a...more

OCR Makes It Official: Ransomware Attacks Are HIPAA Breaches

McGuireWoods LLP on 7/27/2016

Ransomware attacks appear to be increasing in frequency as well as severity. Ransomware is malicious software that encrypts data until a ransom is paid to the hacker. For healthcare providers, the inability to access...more

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

Foley Hoag LLP - Security, Privacy and the... on 7/25/2016

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

Ransomware Attack is a Breach – Unless You Can Prove Otherwise

Baker Donelson on 7/25/2016

Ransomware is the fastest growing malware threat in the United States, targeting simple home computers to elaborate corporate IT networks. The Federal Bureau of Investigation recently reported an increase in ransomware...more

OCR Issues New Guidance on Ransomware and HIPAA

Arnall Golden Gregory LLP on 7/20/2016

In response to a rising number of ransomware attacks on healthcare systems, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has issued new ransomware guidance on the HIPAA obligations of...more

OCR Announces New HIPAA Guidance on Ransomware

Cozen O'Connor on 7/14/2016

In response to the increasing prevalence of ransomware cyber-attacks by hackers on electronic health information systems in hospitals and medical practices, the Department of Health and Human Services (HHS) Office for Civil...more

Recent Settlements and Upcoming Audits Highlight the Continuing Need to Focus on Core HIPAA Compliance Measures

Chambliss, Bahner & Stophel, P.C. on 5/18/2016

Recent settlements and initiatives conducted by the Office for Civil Rights ("OCR") at the U.S. Department of Health and Human Services highlight the continuing need for focus on compliance with the privacy and security...more

Department of Health and Human Services Cracks Down on Vendor Oversight in Recent Hospital Settlements

Patterson Belknap Webb & Tyler LLP on 4/26/2016

From the rise in ransomware attacks to inadvertent disclosure of information by subcontractors, the health services industry is reminded that a potential consequence of a data breach is the threat of a regulatory enforcement...more

Data-Harvesting Zombie Hackers, Blood-Thirsty Auditors, and Other Reasons to be Scared on Halloween

Mintz - Health Care Viewpoints on 10/30/2015

This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more

19 Results

/

View per page

Page: of 1