HIPAA Violations, Ransomware

The Office for Civil Rights Recently Settled Two Ransomware Related Investigations

Baker Donelson on 10/11/2024

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more

HIPAA Security Rule Settlement Results in $950,000 Payment by a Mid-Atlantic Health System

Saul Ewing LLP on 7/17/2024

On July 1, 2024, the U.S. Department of Health and Human Services (“HHS”) Office For Civil Rights (“OCR”) announced a $950,000 settlement with Heritage Valley Health System (“Heritage Valley”) and a three-year Corrective...more

Privacy Briefs: July 2024

Health Care Compliance Association (HCCA) on 7/15/2024

Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more

OCR Settles Alleged HIPAA Violations for $950,000 Following 2017 Ransomware Attack

King & Spalding on 7/12/2024

On July 1, 2024, the HHS Office of Civil Rights (OCR) announced that Pennsylvania-based healthcare system, Heritage Valley Health System (Heritage Valley), has agreed to pay $950,000 to settle potential violations of the...more

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Akerman LLP - Health Law Rx on 12/21/2023

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more

HHS Releases Cybersecurity Strategy for the Healthcare Sector

King & Spalding on 12/18/2023

On December 6, 2023, HHS released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector titled, “Healthcare Sector Cybersecurity Strategy.” HHS reports that cyber incidents in...more

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

Jones Day on 12/6/2023

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

Report on Patient Privacy Volume 22, Number 10. Privacy Briefs: October 2022

Health Care Compliance Association (HCCA) on 10/11/2022

Report on Patient Privacy 22, no. 10 (October, 2022) - Thirty Democratic senators led by Sen. Patty Murray, D-Wash., have called on HHS to strengthen federal privacy protections under HIPAA to broadly restrict providers...more

Still Missing a New Leader, Former OCR Directors, Experts Offer Advice, Task List

Health Care Compliance Association (HCCA) on 8/13/2021

Issue a final rule revising the privacy regulation and write guidance on the information blocking rule. Formalize the fledgling audit program required by Congress more than 10 years ago. Engage with providers and other...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Report on Patient Privacy Volume 20, Number 3. Privacy Briefs: March 2020

Health Care Compliance Association (HCCA) on 3/19/2020

Report on Patient Privacy 20, no. 3 (March 2020) - As the new coronavirus, COVID-19, spreads across the United States, the HHS Office for Civil Rights (OCR) is reminding HIPAA covered entities and business associates that...more

HIPAA Violations › Ransomware

"My best business intelligence, in one easy email…"