Reflecting thwarted desires to continue their terms, while answering calls from trial administrators and oversight leaders, seven former members of the highest-ranking federal advisory panel on human research...more
A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more
6/18/2025
/ Breach Notification Rule ,
Compliance ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Healthcare ,
Healthcare Reform ,
HIPAA Violations ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Settlement ,
Settlement Agreements
When Jerry Menikoff retired at the end of 2022 after leading the HHS Office for Human Research Protections (OHRP) for 14 years, he left behind an agency limping along with 20 employees, less than half of what it needed. For...more
5/28/2025
/ Biden Administration ,
Compliance ,
Department of Health and Human Services (HHS) ,
Employees ,
Enforcement ,
Federal Funding ,
Government Agencies ,
Hiring & Firing ,
National Institute of Health (NIH) ,
OCR ,
Office for Human Research Protections (OHRP) ,
Regulatory Oversight ,
Trump Administration
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more
5/12/2025
/ Business Associates ,
Compliance ,
Covered Entities ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Penalties ,
Privacy Laws ,
Regulatory Reform ,
Security and Privacy Controls ,
Trump Administration
When it comes to changes roiling the federally supported research landscape, April offered no letup from the first three months of the year; if anything, the pace and magnitude increased. In one instance, an agency—the HHS...more
5/9/2025
/ Budget Cuts ,
Compliance ,
Department of Energy (DOE) ,
Department of Government Efficiency (DOGE) ,
Department of Health and Human Services (HHS) ,
Employees ,
Enforcement ,
Government Agencies ,
Grants ,
Institutional Review Board (IRB) ,
Investigations ,
National Institute of Health (NIH) ,
Office for Human Research Protections (OHRP) ,
Popular ,
Regulatory Oversight ,
Regulatory Reform ,
Research and Development ,
SACHRP
Today, the HHS Office for Civil Rights (OCR) stands shoulder-to-shoulder with the likes of the Office of Inspector General and Office of General Counsel, one of just a dozen or so agencies reporting directly to the secretary....more
4/15/2025
/ Budget Cuts ,
Charter Schools ,
Compliance ,
Cybersecurity ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Actions ,
Federal Funding ,
Health Care Providers ,
Hiring & Firing ,
Medical School ,
OCR ,
Patient Privacy Rights ,
Patients ,
Privacy Laws ,
Regulatory Requirements ,
Trump Administration
If NIH succeeds in imposing an across-the-board indirect cost rate of 15%, rough estimates indicate the University of Michigan could lose $119 million a year. Emory University could be down $75 million. For the University of...more
3/3/2025
/ Compliance ,
Department of Health and Human Services (HHS) ,
Discrimination ,
Diversity ,
Diversity and Inclusion Standards (D&I) ,
Executive Orders ,
Federal Contractors ,
Federal Funding ,
Grants ,
Healthcare ,
Legislative Agendas ,
Mental Health ,
National Institute of Health (NIH) ,
New Legislation ,
New Regulations ,
OMB ,
Regulatory Agenda ,
Research and Development ,
Restraining Orders ,
Secretary of HHS ,
Trump Administration
The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more
2/7/2025
/ Civil Monetary Penalty ,
Compliance ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Hospitals ,
OCR ,
PHI ,
Privacy Laws ,
Risk Management
Scientist and pharmaceutical researcher Andrew P. Mallon—who first reported to NIH and others in 2016 his suspicions that then-Athira Pharma CEO Leen Kawas falsified data in published papers—filed the whistleblower suit...more
1/27/2025
/ Academic Misconduct ,
Compliance ,
Corporate Misconduct ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Fraud ,
Medical Research ,
National Institute of Health (NIH) ,
OIG ,
Pharmaceutical Industry ,
Regulatory Oversight ,
Research Funding ,
Scientific Research ,
Settlement ,
Whistleblower Awards ,
Whistleblower Protection Policies ,
Whistleblowers
It’s not immediately obvious why someone would want to disclose a health care test result as part of a job application. But one such request spurred a Pennsylvania entity to provide a lot more than that: it sent her whole...more
12/19/2024
/ Breach Notification Rule ,
Certifications ,
Chief Compliance Officers ,
Compliance ,
Corporate Governance ,
Corrective Action Plans (CAPs) ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure ,
Disclosure Requirements ,
Employer Liability Issues ,
Fines ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Job Applicants ,
Medical Records ,
OCR ,
Patients ,
Penalties ,
PHI ,
Popular ,
Privacy Laws ,
Sensitive Personal Information ,
Training Requirements ,
Unlawful Disclosure
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
11/14/2024
/ American Hospital Association ,
Business Associates ,
Compliance ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Fines ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Violations ,
OCR ,
Personal Information ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Requirements ,
Security Rule
Let’s review for a moment.
It’s not a HIPAA violation to be a victim of ransomware.
It’s not a HIPAA violation to pay a ransom.
It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
10/16/2024
/ Compliance ,
Covered Entities ,
Cyber Attacks ,
Cyber Incident Reporting ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Investigations ,
OCR ,
Patients ,
Popular ,
Privacy Laws ,
Ransomware ,
Regulatory Requirements ,
Settlement
Now that the HHS Office for Research Integrity (ORI) has published its final rule revising 2005 regulations governing misconduct, compliance officials could be engaging in three activities simultaneously: checking to see if...more
10/1/2024
/ Academic Misconduct ,
Compliance ,
Department of Health and Human Services (HHS) ,
Final Rules ,
Healthcare ,
HHS Office of Research Integrity (ORI) ,
New Regulations ,
NPRM ,
Policies and Procedures ,
Regulatory Requirements ,
Research and Development
Sheila Garrity, director of the HHS Office of Research Integrity (ORI), recently spoke to RRC about the agency‘s new rule revising research misconduct regulations, which has a compliance date of Jan. 1, 2026 (see related...more
Report on Research Compliance 21, no. 9 (September, 2024) -
Based on their review of public data on ClinicalTrials.gov, a bipartisan quartet of U.S. representatives has asked the Food and Drug Administration (FDA) to...more
9/5/2024
/ Academic Misconduct ,
Artificial Intelligence ,
Audits ,
Biopharmaceutical ,
China ,
Clinical Trials ,
Department of Health and Human Services (HHS) ,
Disclosure Requirements ,
Food and Drug Administration (FDA) ,
Fraud ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Institutional Review Board (IRB) ,
Life Sciences ,
National Science Foundation ,
Office for Human Research Protections (OHRP) ,
OIG ,
Reporting Requirements ,
Research and Development
The Food and Drug Administration (FDA) has given Massachusetts Institute of Technology (MIT) 15 days from receipt of its June 21 warning letter to elaborate on corrective actions to address violations of federal requirements...more
8/6/2024
/ Antitrust Division ,
Chief Compliance Officers ,
Chief Ethics and Compliance Officers (CECO) ,
Code of Federal Regulations (CFR) ,
Compliance ,
Coronavirus/COVID-19 ,
Corrective Actions ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Ethics ,
False Statements ,
Food and Drug Administration (FDA) ,
Institutional Review Board (IRB) ,
National Science Foundation ,
Office of Laboratory Animal Welfare (OLAW) ,
OIG ,
Pharmaceutical Industry ,
Research and Development ,
Settlement Agreements ,
Technology Sector ,
Vaccinations ,
Warning Letters ,
Wire Fraud
Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...more
7/16/2024
/ Attestation Requirements ,
Breach Notification Rule ,
Covered Entities ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Disclosure ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Labeling ,
OCR ,
Patient Privacy Rights ,
Patients ,
PHI ,
Privacy Laws
New York Medical College (NYMC) officials thought the HHS Office of Inspector General’s (OIG) audit was wrapping up in December 2021, based on what “the original senior auditor” told them. But the auditor retired and work...more
5/24/2024
/ Auditors ,
Audits ,
Compliance ,
Department of Health and Human Services (HHS) ,
Educational Institutions ,
FCOI ,
Medical Research ,
National Institute of Health (NIH) ,
OIG ,
Policies and Procedures ,
Popular ,
Regulatory Oversight ,
Regulatory Requirements ,
Reporting Requirements ,
Research and Development ,
Research Funding ,
Scientific Research
Some funding applications submitted to NIH beginning Jan. 25 will face new requirements and undergo a revised peer review process. To prepare investigators and institutions, NIH launched a dedicated website with details about...more
5/24/2024
/ Audits ,
Compliance ,
Department of Health and Human Services (HHS) ,
Draft Guidance ,
Food and Drug Administration (FDA) ,
Fund Applications ,
Grants ,
HHS Office of Research Integrity (ORI) ,
Informed Consent ,
Labeling ,
Logos ,
National Institute of Health (NIH) ,
National Science Foundation ,
Noncompliance ,
Prescription Drugs ,
Professional Misconduct ,
Required Documentation ,
Scientific Research ,
Terms and Conditions
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more
5/13/2024
/ Business Associates ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Hackers ,
Health Care Providers ,
Healthcare ,
Legislative Agendas ,
OCR ,
Patients ,
Personal Information ,
Popular ,
Privacy Laws ,
Regulatory Oversight ,
Regulatory Requirements
Some funding applications submitted to NIH beginning Jan. 25 will face new requirements and undergo a revised peer review process. To prepare investigators and institutions, NIH launched a dedicated website with details about...more
5/2/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Clinical Trials ,
Department of Health and Human Services (HHS) ,
Food and Drug Administration (FDA) ,
Healthcare ,
Life Sciences ,
National Institute of Health (NIH) ,
National Science Foundation ,
OIG ,
Professional Misconduct ,
Research and Development ,
Scientific Research ,
The Common Rule
In December 2022, Julie Kaneshiro—then deputy director of the HHS Office for Human Research Protections (OHRP)—disclosed that the agency had 32 positions but that only 20 were filled, leaving 12 vacant or “on hold,” due to...more
The HHS Office of Research Integrity (ORI) gets an “A” for effort on its new proposed regulation revising research misconduct rules, but maybe a “D” overall. Most of the nearly 200 comments on the proposed rule posted online...more
The Association of American Universities (AAU) and the Council on Governmental Relations (COGR) are among a handful of groups “urging the Biden administration to rescind a policy proposal that would threaten the American...more
2/26/2024
/ Auditors ,
Audits ,
Bayh-Dole Act ,
Biden Administration ,
Compliance ,
Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Environmental Protection Agency (EPA) ,
Innovation Patent ,
Inventions ,
Inventors ,
Medical Records ,
National Security Agency (NSA) ,
NIST ,
OCR ,
OIG ,
Patents ,
Personal Data ,
Rescission ,
Research and Development ,
Settlement ,
Technology Sector ,
Universities
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth.
In fact, in 2022, the Government Accountability...more
2/9/2024
/ Centers for Medicare & Medicaid Services (CMS) ,
Compliance ,
Cyber Threats ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
GAO ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Privacy Laws ,
Risk Assessment ,
Risk Management ,
Risk Mitigation ,
Telehealth