News & Analysis as of April 23, 2025

Health Insurance Portability and Accountability Act (HIPAA)

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

Seeing is Believing: A Civil Money Penalty With Warby Parker Following Cybersecurity Incident

Saul Ewing LLP on 2/26/2025

On February 20, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $1.5 million civil money penalty (CMP) against Warby Parker, Inc. (WP). WP is a manufacturer and online...more

We’ll Take the Fine: OCR’s ‘Unwarranted,’ Costly Demands Prompted Hospital’s $538K Payment

Health Care Compliance Association (HCCA) on 2/7/2025

The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more

Indiana AG Sues Apria Healthcare for Data Breach(ing HIPAA Duties)

Cozen O'Connor on 3/8/2024

Indiana AG Todd Rokita sued home healthcare equipment and services provider Apria Healthcare, LLC for allegedly failing to investigate and inform consumers regarding data breaches beginning in 2019 in violation of state data...more

Key Takeaways from OCR’s Latest Annual HIPAA Reports to Congress

ArentFox Schiff on 4/4/2023

On February 17, 2023, the US Department of Health and Human Services Office for Civil Rights (OCR) released two companion reports to Congress detailing its actions in 2021 to enforce the privacy, security, and breach...more

HIPAA Breaches and Compliance: Key Findings & Lessons Learned from OCR’s Reports to Congress

Foley & Lardner LLP on 2/22/2023

The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

OCR RFI: Have You Implemented Your Recognized Security Practices?

Mintz - Health Care Viewpoints on 4/14/2022

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) to obtain industry feedback and inform potential future rulemaking regarding information...more

HHS Requests Comments on HIPAA/HITECH Act: Recognized Security Practices & Methodologies to Compensate Harmed Individuals

Foley & Lardner LLP on 4/12/2022

On April 4, 2022, the U.S. Department of Health and Human Services (HHS) released a Request for Information (RFI) seeking input from HIPAA-covered entities and business associates on how the industry understands and is...more

Fifth Circuit Vacates $4.3M HIPAA Penalty and Potentially Opens the Door for Future HIPAA Enforcement Challenges

Mintz - Health Care Viewpoints on 1/25/2021

With a notably sharply worded opinion, the Fifth Circuit recently vacated over $4.3 million in penalties levied against the University of Texas M.D. Anderson Cancer Center (M.D. Anderson) by the Department of Health and Human...more

Data Privacy + Cybersecurity Insider - November 2019

Robinson & Cole LLP on 11/8/2019

Cyberliability insurance provider Beazley Insurance Company has analyzed its internal breach response data and determined that in its experience, there has been a thirty-seven percent (37%) increase in ransomware attacks this...more

HHS Increases Civil Monetary Penalties under HIPAA

Robinson+Cole Data Privacy + Security Insider on 11/8/2019

In accordance with the Inflation Adjustment Act, the Department of Health and Human Services (HHS) has updated its regulations to reflect required annual inflation-related increases to civil monetary penalties, including...more

Important Highlights from the NIST/OCR HIPAA Security Conference Last Week

Polsinelli on 10/25/2019

Every year, the National Institute of Standards and Technology (NIST) and the Department of Health and Human Services, Office for Civil Rights (OCR) jointly sponsor a conference to “address the dynamic and challenging...more

HHS Proposes Sweeping Changes to AKS and Stark Law, Part 2: Cybersecurity Technology and Electronic Health Records

Mintz - Health Care Viewpoints on 10/22/2019

On October 17, 2019, the Department of Health & Human Services (HHS) published two proposed rules (one by the Office of Inspector General (OIG) and one by the Centers for Medicare & Medicaid Services (CMS)) that, if...more

HHS’s Regulatory Sprint to Coordinated Care – Part 1: CMS and OIG Issue Long-Awaited Proposed Rules

Epstein Becker & Green on 10/14/2019

On October 9, 2019, the Centers for Medicare & Medicaid Services (“CMS”) and the Department of Health and Human Services (“HHS”) Office of Inspector General (“OIG”) took the next step in their Regulatory Sprint to Coordinated...more

Latest HIPAA Compliance & Enforcement Trends

Bass, Berry & Sims PLC on 4/25/2019

Enforcement activity by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) showed no signs of slowing throughout 2018 and has already picked up speed in 2019. More recent and significant actions...more

2018 Digital Health Data Developments – Navigating Change in 2019

McDermott Will & Emery on 2/5/2019

Data privacy and security legislation and enforcement saw significant activity in 2018 and early 2019. McDermott’s 2018 Digital Health Year in Review: Focus on Data report – the first in a four-part series – highlights...more

Jones Day Global Privacy & Data Security Update | Vol. 20

Jones Day on 12/26/2018

UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Releases Internal Report Regarding IoT Cybersecurity - In September, the National Institute of Standards and Technology ("NIST") released a draft...more

The Significance to Businesses of the California Legislature’s Last-Minute Revisions to the 2018 California Consumer Privacy Act

Akin Gump Strauss Hauer & Feld LLP on 9/10/2018

• The California Legislature passed SB 1121 to revise certain sections of the CCPA – the nation’s strictest privacy protection statute which provides Californians with a right to learn what personal information certain...more

Summary Judgment: Recent HIPAA Case Emphasizes Encryption, Action on Risk Analysis - AHLA Health Information and Technology...

Bradley Arant Boult Cummings LLP on 8/2/2018

On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more

Minimizing Liability For Business Associate Misconduct

Holland & Hart LLP on 3/12/2018

Healthcare providers, health plans and healthcare clearinghouses (“covered entities”) and business associates are subject to significant penalties for violations of the HIPAA Privacy, Security and Breach Notification Rules....more

20 Results

View per page

Page: of 1

Cybersecurity › Civil Monetary Penalty › Health Insurance Portability and Accountability Act (HIPAA)

"My best business intelligence, in one easy email…"