The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”), which enforces HIPAA, recently announced a new enforcement initiative, the Risk Analysis Initiative, in conjunction with OCR’s seventh...more
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) recently released a revised version of its guidance titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business...more
Summer is in full swing, but the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is doing anything but taking a vacation from HIPAA. In May and June, OCR issued five resolution agreements...more
HIPAA-covered entities should note the quickly approaching March 1, 2022 deadline for reporting breaches of unsecured protected health information that occurred in 2021 and involved fewer than 500 individuals. This article...more
1/26/2022
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Breach Notification Rule ,
Patient Privacy Rights ,
PHI ,
Reporting Requirements
2020 was an active year for HIPAA regulatory activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this article, we take a look at some of the HIPAA highlights from 2020 and...more
We have previously commented on OCR’s exercise of enforcement discretion and accompanying FAQs for covered entities during the COVID-19 public health emergency....more
In this update, we incorporate information on waivers of penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered health care providers in connection with the good faith provision of...more
A recent Resolution Agreement between a solo practitioner physician practice and the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reveals how complying with HIPAA by reporting a business...more
After a quiet start, 2019 developed into another active enforcement year for HIPAA, with a notable flurry of activity in the last three months of 2019....more
The U.S. District Court for the District of Columbia has vacated controversial portions of the U.S. Department of Health and Human Service’s (“HHS”) regulations and guidance regarding access and copy fees for third party...more
On September 9, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first enforcement action and settlement in its Right of Access Initiative (the “Initiative”). ...more
In its second HIPAA resolution agreement of 2019, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) again emphasizes the importance of compliance with the HIPAA Security Rule and of both timely...more
In two recent pronouncements, the United States Department of Health and Human Services (HHS) has taken a balanced approach to interpreting the Health Insurance Portability and Accountability Act (HIPAA) regulations that...more
After a relatively slow first six months, 2018 turned into an active year for HIPAA enforcement, with the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) announcing the largest-ever HIPAA...more
On February 13, 2018, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its settlement with Filefax, Inc. to resolve alleged violations of the HIPAA Privacy Rule. Filefax was a...more
With the announcements from OCR of three resolution agreements and one civil money penalty as of mid-February, OCR is off to a record start for HIPAA enforcement in 2017, with double the announcements as the same time last...more
With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more
The Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) recently announced that it has increased its review of breaches of protected health information affecting fewer than 500 individuals....more
Through a series of releases in the first half of 2016, HHS Office for Civil Rights (“OCR”) issued guidance on the individual right of access to protected health information (“PHI”) provided under HIPAA. One topic with...more
HIPAA covered entities should note the looming February 29, 2016 reporting deadline for breaches of unsecured protected health information that occurred in 2015 and involved fewer than 500 individuals. This Alert provides a...more
HIPAA’s restrictions on the use or disclosure of protected health information (“PHI”) by a covered entity or business associate may be familiar to many in healthcare. Also familiar may be the exception that allows covered...more