On July 7, 2025, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $225,000 settlement with Deer Oaks – The Behavioral Health Solution (“Deer Oaks”), a provider of...more
In the past several weeks, the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR") has announced settlements with three health care organizations — Comstar, LLC ("Comstar"); Guam Memorial...more
On February 20, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $1.5 million civil money penalty (CMP) against Warby Parker, Inc. (WP). WP is a manufacturer and online...more
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
1/9/2025
/ Civil Monetary Penalty ,
Compliance ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Popular ,
Settlement
On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more
11/21/2024
/ Corrective Action Plans (CAPs) ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Security Rule ,
OCR ,
PHI ,
Ransomware ,
Settlement
On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more
11/11/2024
/ Compliance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
PHI ,
Settlement
In late September 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a settlement with Cascade Eye and Skin Centers, P.C., a health care provider in the state of...more
10/8/2024
/ Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Ransomware ,
Settlement
On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more
3/6/2024
/ Corrective Action Plans (CAPs) ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
OCR ,
Popular ,
Ransomware ,
Risk Management ,
Settlement
On February 16, 2024, the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a final version of the cybersecurity resource guide (the “Guide”) with respect to the HIPAA...more
On February 6, 2024, the HHS Office for Civil Rights (“OCR”) announced a settlement with Montefiore Medical Center (“MMC”) for alleged HIPAA Security Rule violations and MMC agreed to pay $4.75 million and enter into a...more
In December 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $480,000 settlement with a Louisiana medical group following a phishing incident. In 2021, the medical...more
On Halloween, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $100,000 settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement on June 28, 2023 of potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced two settlements with HIPAA-covered entities – one in Washington State and one in New Jersey with settlements of $240,000...more
Earlier this month, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced two (2) different settlements, one with a HIPAA business associate for $350,000 and one with a...more
The 2021 calendar year reports from HHS OCR describe OCR’s efforts that calendar year and are instructive tools for all parties who need to comply with HIPAA to understand macro-level trends....more
October was National Cybersecurity Month. As part of its ongoing focus on HIPAA Security Rule awareness and compliance, the Office for Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”),...more
In one of the final health care-related actions by the Trump Administration, on January 15, 2021, the United States Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced that Excellus Health...more
On October 30, 2020, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $202,400 Resolution Agreement and Corrective Action Plan (CAP) with the City of New Haven, Connecticut...more
On September 25, 2020, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) issued a press release announcing that Premera Blue Cross (Premera) had agreed to pay $6,850,000 and...more
On September 23, 2020, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced that CHSPSC LLC, (CHSPSC) agreed to pay $2,300,000 and adopt a Corrective Action Plan (CAP) to...more
On September 21, 2020 the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS), announced that Athens Orthopedic Clinic PA (AOC) agreed to pay $1,500,000, enter into a Resolution...more
More than 400 dental offices across the United States were the victim of a recent ransomware attack that prevented dentists from accessing patient records and patient personal data. ...more
IBM Security and the Ponemon Institute recently released their 2019 Cost of Data Breach Report (the “Report”). This is the 14th annual report these groups have published. ...more
On May 6, 2019, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced that Touchstone Medical Imaging (TMI) agreed to pay $3,000,000 to settle alleged HIPAA violations arising out of...more