On July 23, 2020, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with a small health care provider regarding an alleged breach of HIPAA Security Rule...more
We have previously commented on OCR’s exercise of enforcement discretion and accompanying FAQs for covered entities during the COVID-19 public health emergency....more
On March 20, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance in the form of FAQs in follow up to its Notification of Enforcement Discretion for good faith provision of...more
In this update, we incorporate information on waivers of penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of...more
A recent Resolution Agreement between a solo practitioner physician practice and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reveals how complying with HIPAA by reporting a business...more
After a quiet start, 2019 developed into another active enforcement year for HIPAA, with a notable flurry of activity in the last three months of 2019....more
The U.S. District Court for the District of Columbia has vacated controversial portions of the U.S. Department of Health and Human Service’s (“HHS”) regulations and guidance regarding access and copy fees for third party...more
On September 9, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first enforcement action and settlement in its Right of Access Initiative (the “Initiative”). ...more
In its second HIPAA resolution agreement of 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) again emphasizes the importance of compliance with the HIPAA Security Rule and of both timely...more
In two recent pronouncements, the United States Department of Health and Human Services (HHS) has taken a balanced approach to interpreting the Health Insurance Portability and Accountability Act (HIPAA) regulations that...more
After a relatively slow first six months, 2018 turned into an active year for HIPAA enforcement, with the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) announcing the largest-ever HIPAA...more
Ciox Health, LLC (“Ciox”), a release of information (“ROI”) vendor that contracts with hospitals and other healthcare providers to fulfill requests for copies of medical records, filed suit against the U.S. Department of...more
From an Atlanta plastic surgeon’s mid-surgery music videos, to illicit pictures of patients shared among nurses, misuse of photography and videos in the healthcare setting can carry substantial legal risks. ...more
On February 13, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its settlement with Filefax, Inc. to resolve alleged violations of the HIPAA Privacy Rule. Filefax was a...more
In recent years, the CFPB has struck fear into the C-suites of financial services companies. The agency was extraordinarily active in rulemaking that addresses every aspect of lending, prepaid cards and arbitration clauses in...more
1/17/2018
/ Civil Investigation Demand ,
Consumer Financial Protection Bureau (CFPB) ,
Cybersecurity ,
Department of Labor (DOL) ,
Employer Liability Issues ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Popular ,
Sexual Harassment ,
Tax Cuts and Jobs Act ,
Tax Reform ,
Wage and Hour
The annual AHLA Health Care Transactions Conference provides valuable insights into transaction strategies, commercial developments, and legal issues affecting contemporary health care transactions, as well as unique...more
With the announcements from OCR of three resolution agreements and one civil money penalty as of mid-February, OCR is off to a record start for HIPAA enforcement in 2017, with double the announcements as the same time last...more
With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more
The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) recently announced that it has increased its review of breaches of protected health information affecting fewer than 500 individuals....more
Via an August 5, 2016, letter, the Centers for Medicare & Medicaid Services (CMS) instructed State Survey Agency Directors to survey “nursing home policies and procedures related to prohibiting nursing home staff from taking...more
HHS Office for Civil Rights (OCR) recently issued guidance addressing its approach to the 2016 Phase II HIPAA Desk Audits. In its announcement of the guidance, OCR emphasized the broader applicability of these resources...more
On July 11, 2016, e-mail notification was sent to 167 covered entities alerting them of their inclusion in the desk audit portion of OCR’s 2016 HIPAA audit program. Selected covered entities must respond no later than July...more
Through a series of releases in the first half of 2016, HHS Office for Civil Rights (“OCR”) issued guidance on the individual right of access to protected health information (“PHI”) provided under HIPAA. One topic with...more
HIPAA covered entities should note the looming February 29, 2016 reporting deadline for breaches of unsecured protected health information that occurred in 2015 and involved fewer than 500 individuals. This Alert provides a...more
HIPAA’s restrictions on the use or disclosure of protected health information (“PHI”) by a covered entity or business associate may be familiar to many in healthcare. Also familiar may be the exception that allows covered...more