The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...more
The HIPAA Privacy Rule to Support Reproductive Health Care Privacy went into effect on June 24, 2024. The 2024 Final Rule strengthens privacy protections for medical records and other health information related to...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
10/11/2024
/ Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Popular ,
Ransomware ,
Risk Assessment ,
Settlement
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...more
Are you a health care provider, business associate, or other entity subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regarding the use and disclosure of protected health...more
On Thursday, May 19, 2023, the Federal Trade Commission (FTC) issued a notice of proposed rulemaking and a request for public comment on proposed changes to the Health Breach Notification Rule (HBNR or, the Rule) that would...more
On April 17, 2023, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) published a Proposed Rule to support reproductive health care privacy in the Federal Register. Through the...more
In the wake of the Supreme Court's decision in Dobbs v. Jackson Women's Health Organization and the evolving legal patchwork now confronting both patients accessing reproductive health care and their health care providers,...more
On Tuesday, September 15, the U.S. Department of Health and Human Services Office of the National Coordinator (ONC), in partnership with the Office for Civil Rights (OCR), released an update to the previously published...more
There is no question that COVID-19 has brought unprecedented change to our world. The temporary relaxation of HIPAA's requirements is one of many examples of the government's efforts to address the public's health care needs...more
3/24/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Public Health Emergency ,
Relief Measures ,
Telehealth ,
Telemedicine ,
Waivers
On March 16 and 17, the United States Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced limited waivers of penalties and sanctions with respect to certain HIPAA requirements due to the...more
Health care providers should take heed of the $10,000 settlement announced on October 2, 2019 between the U.S. Department of Health and Human Service (HHS) Office for Civil Rights (OCR) and a small dental practice based on...more
11/20/2019
/ Covered Entities ,
Dentists ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Online Reviews ,
Penalties ,
PHI ,
Physicians ,
Prior Authorization ,
Settlement ,
Unauthorized Disclosure ,
Yelp
October was National Cyber Security Awareness Month and, as its parting gift, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Office of the National Coordinator for Health...more
The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more
10/19/2018
/ Business Associates ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Duty to Update ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
ONC ,
Popular ,
Risk Mitigation ,
Security Risk Assessments
After a confusing month of contradicting guidance, the Centers for Medicare & Medicaid Services (CMS) issued a memorandum clarifying its position regarding the use of text messaging with patient information between providers....more
A recently unsealed qui tam action further demonstrates the growing focus on the propriety of incentive payments made under Medicare and Medicaid's Electronic Health Records (EHR) Incentive Programs. Health care providers...more
On November 22, 2016, the University of Massachusetts Amherst (UMass) agreed to pay $650,000 and enter into a corrective action plan to settle allegations that it violated the HIPAA Privacy and Security Rules in connection...more
On March 21, 2016, the Office for Civil Rights (OCR) formally announced the start of its 2016 Phase 2 Health Insurance Portability and Accountably Act (HIPAA) Audit Program. Unlike Phase 1, in which OCR's 2012 pilot program...more
On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more
7/16/2015
/ Compliance ,
Corrective Actions ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
Department of Health and Human Services (HHS) ,
Electronically Stored Information ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
OCR ,
Passwords ,
Settlement Agreements
The title of this alert, which comes straight from the Department of Health and Human Services Office for Civil Rights' (OCR) announcement of its most recent settlement, again underscores the critical need for covered...more
It has long been established that there was no private right of action with regard to HIPAA. All providers must be aware that state courts are beginning to turn the tide regarding such liability. On November 11, 2014, the...more
On August 18, 2014, Community Health Systems, Inc. (CHS) publicly confirmed, in a filing with the Securities and Exchange Commission (CHS filing), that its computer network was attacked between April and June 2014 by hackers...more
8/21/2014
/ China ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
EHR ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Malware ,
PHI ,
Popular
On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more
On September 19, the Health and Human Services Department (HHS) issued guidance on the effect of the January 25, 2013 Final Rule provision about remuneration related to prescription refill reminders and medication adherence...more