The U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR") continues to be actively engaged in investigating and settling alleged HIPAA violations. In advance of Mother's Day, two decisions...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced two settlements with HIPAA-covered entities – one in Washington State and one in New Jersey with settlements of $240,000...more
On August 23, 2022, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced a $300,640 settlement and a Corrective Action Plan (“CAP”) with New England Dermatology P.C., d/b/a...more
On September 25, 2020, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) issued a press release announcing that Premera Blue Cross (Premera) had agreed to pay $6,850,000 and...more
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced on April 2, 2020 that it will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against...more
On March 3, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a $100,000 settlement and corrective action plan with Steven A. Porter, M.D. to resolve potential...more
3/9/2020
/ Business Associates ,
Covered Entities ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Settlement
On May 24, 2019, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), released a new fact sheet describing 10 ways in which a “business associate” can be liable under HIPAA. ...more
On December 4, 2018, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advanced Care Hospitalists (ACH) agreed to pay $500,000 to settle alleged HIPAA violations arising out of ACH...more
On February 13, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that a receiver appointed to liquidate the assets of Filefax, Inc. agreed to pay $100,000 to settle...more
On February 1, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Fresenius Medical Care North America (FMCNA) agreed to pay $3.5 million and enter into a Corrective...more
St. Luke’s-Roosevelt Hospital Center, Inc. (SLRHC), a member of the New York-based Mount Sinai Health System, paid $387,000 to the U.S. Department of Health and Human Services (HHS) and entered into a corrective action plan...more
On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more
4/28/2017
/ Business Associates ,
Corrective Actions ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Popular
On April 20, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Children’s Digestive Health (CDH) agreed to pay HHS $31,000 for its failure to have a business associate...more
On October 18, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that St. Joseph Health (SJH) agreed to settle allegations relating to the HIPAA Privacy and Security Rules,...more
10/26/2016
/ Business Associates ,
Corrective Actions ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI
On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The...more
On September 23, 2016, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Care New England Health System (CNEHS) agreed to pay $400,000 and enter into a corrective action plan...more
On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more
During the week of April 18, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two significant settlements with a large New York City hospital and a North Carolina orthopaedic...more
4/26/2016
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Film Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Disclosure ,
Settlement
On March 21, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), announced the launch of the 2016 Phase 2 Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Audit...more
On March 16, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that North Memorial Health Care of Minnesota (“Memorial”) agreed to pay $1.55 million to resolve allegations that...more
On September 29, 2015, the Office of Inspector General (OIG) released two reports that reviewed the Office of Civil Rights’ (OCR) enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The...more
On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more
9/4/2015
/ Breach Notification Rule ,
Compliance ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
PHI ,
Popular ,
Privacy Policy ,
Settlement Agreements
St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more
The September 23, 2013 deadline for covered entities, business associates and their subcontractors to comply with new HIPAA rules is fast approaching....more