What's New? On May 28, 2025, the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) announced an $800,000 settlement with a large Florida-based health care provider over potential violations of the...more
6/5/2025
/ Data Breach ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
HIPAA Security Rule ,
HIPAA Violations ,
OCR ,
PHI ,
Ransomware ,
Risk Management ,
Settlement
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
10/11/2024
/ Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Popular ,
Ransomware ,
Risk Assessment ,
Settlement
The U.S. Department of Health and Human Services Centers for Medicare and Medicaid Services and Office of the Secretary (collectively, HHS) released on May 6, 2024, the agencies' Final Rule governing the implementation of...more
5/13/2024
/ Affordable Care Act ,
Anti-Discrimination Policies ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance ,
Non-Discrimination Rules ,
Notice Requirements ,
Policies and Procedures ,
Section 1557
The U.S. Department of Health and Human Services Centers for Medicare and Medicaid Services and the Office of the Secretary (collectively, HHS) released the agencies' Final Rule governing the implementation of Section 1557 of...more
5/13/2024
/ Affordable Care Act ,
Anti-Discrimination Policies ,
Centers for Medicare & Medicaid Services (CMS) ,
Department of Health and Human Services (HHS) ,
Disabilities ,
Health Care Providers ,
Health Insurance ,
Limited English Proficiency (LEP) ,
Medicaid ,
Medicare ,
Non-Discrimination Rules ,
Section 1557
A public cybersecurity advisory was issued yesterday about a likely ransomware attack against the health care and public health sector. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
FBI ,
Health Care Providers ,
Health Information Technologies ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Hospitals ,
Public Health ,
Ransomware ,
Risk Mitigation
On January 23, 2020, the United States District Court for the District of Columbia declared sections of the 2013 Omnibus Rule unlawful. The Court found that the Department of Health and Human Services (HHS) impermissibly...more
2/5/2020
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
EHR ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Access Request ,
HIPAA Omnibus Rule ,
HITECH Act ,
Lack of Authority ,
Notice and Comment ,
PHI ,
Popular ,
Third-Party Rights ,
Unlawful Policies ,
Vendors
The growing concern over opioid abuse has prompted both the federal government and many states to address concerns over referrals for substance abuse treatment. Tennessee recently addressed the issue in House Bill No. 2068,...more
10/30/2018
/ Anti-Kickback Statute ,
Civil Monetary Penalty ,
Drug & Alcohol Abuse ,
Drug Treatment ,
False Statements ,
Health Care Providers ,
Hospitals ,
Marketing ,
New Legislation ,
Opioid ,
Patient Referrals ,
State and Local Government ,
Substance Abuse
On January 3, 2018, the Substance Abuse and Mental Health Services Administration (SAMHSA) issued a final rule to revise 42 CFR Part 2, the federal regulations governing confidentiality of certain substance abuse patients'...more
1/19/2018
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Billing ,
Centers for Medicare & Medicaid Services (CMS) ,
Code of Federal Regulations (CFR) ,
Confidential Information ,
Disclosure Requirements ,
EHR ,
Final Rules ,
Health Care Providers ,
Medicaid ,
Medicare ,
Medicare Administrative Contractors (MAC) ,
Mental Health ,
Patient Privacy Rights ,
SAMHSA ,
Subcontractors ,
Substance Abuse
The U.S. Department of Health & Human Services (HHS) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have issued a Proposed Rule to revise 42 C.F.R. Part 2 (Part 2 Regulations) – the federal...more
It has long been established that there was no private right of action with regard to HIPAA. All providers must be aware that state courts are beginning to turn the tide regarding such liability. On November 11, 2014, the...more