On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more
The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced two settlements of more than $2 million each with respect to alleged violations of the Health Insurance Portability and...more
On July 11, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) issued guidance (the “Guidance”) for health care entities relating to ransomware and the Health Insurance Portability and...more
On June 30, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that a business associate providing management services to nursing homes in the Philadelphia, Pa. region agreed to...more
During the week of April 18, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced two significant settlements with a large New York City hospital and a North Carolina orthopaedic...more
4/26/2016
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Film Industry ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
Patient Privacy Rights ,
PHI ,
Prior Authorization ,
Public Disclosure ,
Settlement
On March 21, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), announced the launch of the 2016 Phase 2 Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Audit...more
On March 17, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Feinstein Institution for Medical Research (“Feinstein”) agreed to pay $3.9 million to resolve...more
On March 16, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that North Memorial Health Care of Minnesota (“Memorial”) agreed to pay $1.55 million to resolve allegations that...more
The U.S. Department of Health & Human Services’ (“HHS”) Office for Civil Rights (“OCR”) and the Federal Trade Commission (“FTC”) were each involved in the resolution of high profile privacy matters in January 2016. The two...more
The January 6, 2016 Federal Register included a final rule (“Final Rule”) amending the HIPAA Privacy Rule to expressly permit certain “covered entities” to disclose to the National Instant Criminal Background Check System...more
On December 14, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a $750,000 settlement with the University of Washington (UW). This is the third HIPAA settlement announced by OCR...more
The U.S. Department of Health and Human Services, Office of Civil Rights (OCR), has announced a settlement with Lahey Hospital and Medical Center (Lahey) that arose out of a HIPAA breach involving a stolen laptop. The...more
On September 29, 2015, the Office of Inspector General (OIG) released two reports that reviewed the Office of Civil Rights’ (OCR) enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The...more
On September 2, 2015, the U.S. Department of Health and Human Services ("HHS") announced that it had entered into a Settlement Agreement with an Indiana-based medical practice for alleged violations of the Health Insurance...more
9/4/2015
/ Breach Notification Rule ,
Compliance ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
De-Identified Protected Health Information ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Personally Identifiable Information ,
PHI ,
Popular ,
Privacy Policy ,
Settlement Agreements
St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more
On April 27, 2015, the U.S. Department of Health and Human Services (HHS) announced that Cornell Prescription Pharmacy (CPP), a single-location pharmacy in the Denver, Colo. metropolitan area, agreed to settle alleged HIPAA...more
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced on December 8, 2014 that a community behavioral health organization agreed to pay $150,000 and adopt a corrective action plan to...more
There are two important updates with respect to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). First, on September 17, 2014, the U.S. Department of Health and Human Services (HHS) issued guidance to...more
On June 11, 2014, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued two reports to Congress summarizing activities in calendar years 2011 and 2012. The Annual Report to Congress on...more
On March 28, 2014, the U.S. Department of Health and Human Services (“HHS”) announced the release of a security risk assessment (“SRA”) tool to assist small- to mid-sized providers in conducting risk assessments of their...more
One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more
The September 23, 2013 deadline for covered entities, business associates and their subcontractors to comply with new HIPAA rules is fast approaching....more
On July 8, 2013, WellPoint, Inc., a managed care company (“WellPoint”), agreed to pay a $1.7 million fine to settle a self-reported breach of HIPAA, a key federal health privacy law, that led to the unauthorized disclosure of...more