Privacy Series: HIPAA Breaches - When It Is, and When It Is Not a Breach
Compliance Perspective: What's New in Healthcare Privacy
Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more
On May 16, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced a $350,000 settlement with MedEvolve, Inc., a practice and revenue cycle management and practice analytics software...more
Report on Patient Privacy Volume 22, Number 11. November 2022 - The second largest nonprofit hospital chain in the U.S. has been grappling with an Oct. 3 cybersecurity incident that affected facilities across the country,...more
Cyber-attacks on health care entities are becoming increasingly frequent, and the resulting data breaches are often complex. In the event of a cyber-attack, health care entities and their business associates must adhere to...more
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
The Office of Civil Rights (OCR) issued a notice this week stating that it will not impose penalties for HIPAA non-compliance in connection with a covered entity health care provider’s or business associate’s good faith use...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the...more
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced that it has settled potential violations of HIPAA with Athens Orthopedic Clinic PA (Athens) for $1.5 million, following an...more
Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of...more
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion....more
Health care organizations continue to be a popular target for hackers. According to information from the U.S. Department of Health & Human Services (HHS), over 30 reports of data breaches have been filed by health care...more
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer...more
In accordance with the Inflation Adjustment Act, the Department of Health and Human Services (HHS) has updated its regulations to reflect required annual inflation-related increases to civil monetary penalties, including...more
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for failing to meet HIPAA privacy and security...more
The Office for Civil Rights (OCR) announced on October 23, 2019, that Jackson Health System (“Jackson”), a not for profit hospital system comprised of six hospitals, urgent care centers, nursing facilities and primary care...more
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more
The latest HIPAA resolution agreement by the U.S. Department of Health and Human Services Office for Civil Rights (OCR) is a reminder that healthcare providers must take the high road when responding to unflattering online...more
The Office for Civil Rights (OCR) at the Department of Health and Human Services announced it reached a settlement with Elite Dental Associates of Dallas (Elite) to resolve a complaint alleging Elite impermissibly disclosed a...more
Consistent with our experience, security firm McAfee has confirmed in a report that ransomware attacks have doubled in 2019. Medical providers have been hit hard this year, and one provider, Wood Ranch Medical, located in...more
Until recently, the annual limit for civil monetary penalties (CMP) that could be levied against covered entities and business associates in violation of the Health Insurance Portability and Accountability Act of 1996, as...more
The HHS Office for Civil Rights (“OCR”) issued a notice in the Federal Register regarding its Enforcement Discretion (84 Fed. Reg. 18151) on April 30, 2019. HHS announced that HHS will now apply a different cumulative annual...more
After a quiet winter, the Department of Health and Human Services’ Office for Civil Rights (OCR) revived with the spring, issuing a set of frequently asked questions and two recent announcements. ...more
The Office of Civil Rights (“OCR”) is the federal agency that oversees compliance with the Health Insurance Portability and Accountability Act of 1996, and its implementing regulations (“HIPAA”). In that regard, among other...more