HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
On June 20, a federal district court in Texas ruled that the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) exceeded its authority under the Health Insurance Portability and Accountability Act...more
On July 1, 2024, the U.S. Department of Health and Human Services (“HHS”) Office For Civil Rights (“OCR”) announced a $950,000 settlement with Heritage Valley Health System (“Heritage Valley”) and a three-year Corrective...more
While many healthcare providers are generally aware of their obligations under HIPAA, most do not have a clear sense of what happens if they fail to meet these obligations. At best, most probably are familiar with headlines...more
The federal agency responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) – the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services – recently submitted...more
Happy 2024! The entire Saul Ewing Health Law Practice Group wishes you and yours a healthy and prosperous new year and successful (and compliant) activities in the health care delivery system this year and beyond....more
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
Report on Patient Privacy 23, no. 12 (December, 2023) Spring 2020 was a terrifying period in the annals of COVID-19, and New York was at the epicenter. COVID-19 cases, and deaths, already the highest in the nation, were...more
The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more
Report on Patient Privacy Volume 23, no 7 (July 2023) In two public talks this spring, Melanie Fontes Rainer, director of the HHS Office for Civil Rights (OCR), said completing the 2021 proposed regulation extensively...more
Report on Patient Privacy 22, no. 10 (October, 2022) - How about free? Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with...more
On August 23, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Massachusetts-based New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (NEDLC), agreed to...more
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more
Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A...more
One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more
Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more
Report on Medicare Compliance 30, no. 7 (February 22, 2021) - A Michigan woman is the first in the nation to be charged criminally with misappropriating money from the Provider Relief Fund (PRF), the Department of Justice...more
Report on Medicare Compliance 30, no. 2 (January 18, 2021) - Recovery audit contractors (RACs) may soon be auditing positron emission tomography (PET) for initial treatment strategy in oncologic conditions for compliance...more
Report on Medicare Compliance 29, no. 42 (November 23, 2020) - CMS said Nov. 16 that the Medicare fee-for-service improper payment rate dropped to 6.27% in FY 2020 from 7.25% last year, although CMS had to “modify”...more
On July 27, 2020, HHS issued a press release indicating that Lifespan Health System Affiliated Covered Entity (Lifespan), a non-profit health system in Rhode Island, reached a settlement with the Office for Civil Rights...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
Roger Severino, Director of the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), provides advice for HIPAA covered health care providers: "When informed of potential HIPAA...more
The COVID-19 outbreak has led OCR to announce that it will exercise enforcement discretion to not impose penalties for HIPAA violations against healthcare providers treating patients through some commonly used social media...more