Cybersecurity, Corrective Action Plans (CAPs)

Seven Years After Worldwide NotPetya Attacks, OCR Singles Out PA System, Collects Nearly $1M

Health Care Compliance Association (HCCA) on 8/21/2024

Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more

[Event] Higher Education & Healthcare Research Compliance Conference - June 10th - 12th, New Orleans, LA

Society of Corporate Compliance and Ethics... on 3/8/2024

Don’t miss our annual conference devoted to higher education and research compliance - Attend the Higher Education & Healthcare Research Compliance Conference June 10–12, 2024 and hear from experienced professionals on a...more

OCR Ends Year With Settlements That Tread Old Ground, Says New Rules Are Coming—Someday

Health Care Compliance Association (HCCA) on 1/17/2024

If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

Dorsey & Whitney LLP on 1/4/2024

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more

OCR Faults Business's Data Security Practices After Ransomware Attack

Shook, Hardy & Bacon L.L.P. on 11/21/2023

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more

BA Depicted by OCR as Example of Ransomware Dangers Recovered Quickly, Didn’t Expect Fine

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more

A Midsummer’s Review – Cybersecurity Is the Word: HIPAA Enforcement and Guidance Trends

Arnall Golden Gregory LLP on 7/27/2023

Summer is in full swing, but the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is doing anything but taking a vacation from HIPAA. In May and June, OCR issued five resolution agreements...more

HIPAA Breaches and Compliance: Key Findings & Lessons Learned from OCR’s Reports to Congress

Foley & Lardner LLP on 2/22/2023

The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently submitted two annual reports to Congress setting forth a summary of complaints and breaches reported to the OCR during...more

Arizona Hospital Pays $1.25 Million in HIPAA Settlement After Cyber Attack

Rivkin Radler LLP on 2/9/2023

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged...more

2016 Breach Costs OK State Medical Center $875K; System Initially Missed Vulnerability

Health Care Compliance Association (HCCA) on 8/16/2022

Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

[Virtual Event] 2021 Managed Care Compliance Conference - February 1st - 3rd, 9:30 am - 3:45 pm CST

Health Care Compliance Association (HCCA) on 12/1/2020

The first ever VIRTUAL Managed Care Compliance Conference will have the great speakers and content you have come to expect from the in-person event. Each year, we look forward to hosting compliance professionals at our...more

HHS Announces Eight HIPAA Settlements

Ballard Spahr LLP on 10/5/2020

Following a very quiet start to HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced eight settlements with covered entities and business...more

Indiana AG Proposed Regulations Creating Corrective Action Plan Requirement And Cybersecurity Safe Harbor

Jackson Lewis P.C. on 9/25/2020

A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S....more

GA Orthopedic Practice In $1.5M HIPAA Settlement

Rivkin Radler LLP on 9/24/2020

On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the...more

Cybersecurity › Corrective Action Plans (CAPs)

"My best business intelligence, in one easy email…"