What's New? On May 28, 2025, the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) announced an $800,000 settlement with a large Florida-based health care provider over potential violations of the...more
6/5/2025 / Data Breach, Electronic Medical Records, Electronic Protected Health Information (ePHI), Enforcement Actions, Health Care Providers, HIPAA Security Rule, HIPAA Violations, OCR, PHI, Ransomware, Risk Management, Settlement
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) on December 27, 2024, to update the Health Insurance Portability and Accountability Act...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
10/11/2024 / Corrective Action Plans (CAPs), Department of Health and Human Services (HHS), Electronic Protected Health Information (ePHI), Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Violations, OCR, Popular, Ransomware, Risk Assessment, Settlement
There has been a notable emphasis on proactive enforcement of the privacy and security of protected health information in recent weeks as evidenced by multiple developments regarding compliance with the Health Insurance...more
On April 6, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a Request for Information (RFI) seeking public comment on "recognized security practices" and on sharing civil...more
4/11/2022 / Business Associates, Civil Monetary Penalty, Covered Entities, Data Security, Department of Health and Human Services (HHS), Health Insurance Portability and Accountability Act (HIPAA), HITECH Act, NIST, OCR, Policies and Procedures, Public Comment
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
4/23/2019 / Business Associates, Covered Entities, Cyber Insurance, Data Breach, Data Privacy, Data Security, Data Use Policies, Electronic Protected Health Information (ePHI), Employee Training, Encryption, Health Insurance Portability and Accountability Act (HIPAA), HIPAA Privacy Rule, Long Term Care Facilities, Long-Term Care, OCR, Passwords, Patient Privacy Rights, Patients, Phishing Scams, Popular, Portable Devices, Risk Assessment
On May 18, 2016, the Department of Health and Human Services (HHS) issued a final rule (the Rule) implementing the prohibition on discrimination under Section 1557 of the Affordable Care Act (ACA). Section 1557 prohibits...more
The HIPAA Breach Notification Rule requires covered entities to notify the Secretary of the Department of Health and Human Services (HHS) if a breach of unsecured protected health information (PHI) is discovered. As most...more