HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more
The HHS Office for Civil Rights (OCR) has abandoned its appeal of a federal judge’s ruling overturning OCR’s guidance prohibiting covered entities (CEs) and business associates (BAs) from using the web-tracking technologies...more
On July 19, Change Healthcare Ince. filed a breach report with HHS Office for Civil Rights (OCR) concerning its mammoth ransomware attack and breach. The organization’s breach report to OCR identifies just 500 individuals as...more
Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more
In the wake of the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization and subsequent state abortion bans, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a...more
On April 26, 2024, the U.S. Department of Health and Human Service Office for Civil Rights issued a final privacy rule to support reproductive health privacy. The rule does not allow the sharing of reproductive health...more
Given the inability of the U.S. Congress to pass a comprehensive privacy law (such as the proposed and likely dead-on-arrival APRA), the United States continues to be left with a patchwork of sector-specific laws and a...more
Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...more
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, on June 20, 2024, the US District Court for the Northern District of Texas ruled in American Hospital Association...more
On June 20, 2024, a Texas federal court vacated the Office for Civil Rights’ (OCR's) controversial guidance concerning Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates, available here....more
While many healthcare providers are generally aware of their obligations under HIPAA, most do not have a clear sense of what happens if they fail to meet these obligations. At best, most probably are familiar with headlines...more
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
This issue of McDermott’s Healthcare Regulatory Check-Up highlights regulatory activity for April 2024. We discuss several US Department of Health and Human Services (HHS) agency actions, including the Calendar Year (CY) 2025...more
What are the top 5 data privacy concerns for my clients the past couple of months? Here are some notes I recently compiled for a meeting of Fox Rothschild’s national Privacy Law Practice Group. Patchwork Paralysis - •How...more
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care...more
Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more