HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
Over the course of the past few months, the Office of Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC), both of which are divisions of the U.S. Department of Health and...more
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
It is no secret that protected health information (or “PHI”) is more and more at risk for cybersecurity attacks. In 2022 (the most recent year this statistic is available), the Department for Health and Human Services Office...more
Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more
On December 7, 2023, OCR released a statement that it was settling a phishing cyber-attack investigation into Lafourche Medical Group (the Medical Group) which specializes in emergency medicine, occupational medicine, and...more
On Oct. 31, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced it had settled with Doctors’ Management Services Inc. (DMS) over a self-reported ransomware attack that occurred in...more
Privacy Briefs: June 2023 - Long-term care pharmacy network PharMerica disclosed a breach involving more than 5.8 million patients, making it the largest breach reported to the HHS Office for Civil Rights (OCR) in the last...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
Cyber-attacks on health care entities are becoming increasingly frequent, and the resulting data breaches are often complex. In the event of a cyber-attack, health care entities and their business associates must adhere to...more
Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A...more
Report on Patient Privacy 22, no. 6 (June, 2022) - A report from the HHS Health Sector Cybersecurity Coordination Center (HC3) found that in early 2022, ransomware groups increasingly turned to legitimate software during...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more
On October 8, 2020, New Jersey Attorney General Gurbir Grewal (AG) announced that his office has entered into a multi-state settlement agreement with Community Health Systems, Inc. (CHS) stemming from an investigation of a...more
CYBERSECURITY - OFAC Issues Advisory on Sanctions for Facilitating Ransomware Payments - On October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory “to...more
On September 25, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced that it reached a settlement with Premera Blue Cross (PBC), a health plan operating in Washington and Alaska,...more
With apologies to John Donne, ask not for whom the bells tolls, HIPAA business associates, it tolls for thee! While it has been the law for some time that business associates could be held directly liable for breaches,...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) reached a settlement for $1,500,000 and entered into a substantial corrective action plan with Athens Orthopedic Clinic (AOC) as a result of AOC’s...more
It is being reported that LifeLabs, a Canadian lab company that is the largest provider of laboratory diagnostics and lab testing services in Canada, recently paid an undisclosed ransom to hackers who compromised its computer...more
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency....more
Although Amazon and Google respond to reports of vulnerabilities in popular home smart assistants Alexa and Google Home, hackers continually work hard to exploit any vulnerabilities in order to listen to users’ every word to...more
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more