At the very top of Fisher-Titus Medical Center’s website is a link to the Change Healthcare HIPAA notice informing visitors of the last day to register for credit monitoring related to the world’s largest breach, which...
8/18/2025 / Cybersecurity, Cybersecurity Information Sharing Act (CISA), Data Breach, Department of Homeland Security (DHS), Federal Funding, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Security Rule, Hospitals, New Legislation, OCR, Popular, Regulatory Requirements, Risk Management, Rural Health Care Providers
In the end, the final termination letter arrived in the mail on July 18.
For nearly three months—about half of the length of time she was director of the HHS Office for Human Research Protections (OHRP)—Molly Klote, M.D.,...
7/28/2025 / Department of Health and Human Services (HHS), Employment Litigation, Government Agencies, Healthcare, Healthcare Reform, Hiring & Firing, Human Resources Professionals, Office for Human Research Protections (OHRP), Regulatory Agencies, Regulatory Requirements, Termination
In the 18 months since the Change Healthcare breach occurred, class action suits—filed by both patients and providers—continue to multiply, with no resolution yet in sight. In fact, in late June, the Minnesota judge presiding...
A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...
6/18/2025 / Breach Notification Rule, Compliance, Corrective Action Plans (CAPs), Covered Entities, Data Breach, Department of Health and Human Services (HHS), Enforcement Actions, Health Care Providers, Healthcare, Healthcare Reform, HIPAA Violations, Hospitals, OCR, PHI, Privacy Laws, Settlement, Settlement Agreements
Research universities have had one less worry (at least temporarily) since Judge Angel Kelley of the U.S. District Court for the District of Massachusetts granted a preliminary restraining order prohibiting NIH from imposing...
4/1/2025 / Compliance, Congressional Committees, Federal Funding, Government Agencies, Healthcare, Legislative Agendas, Regulatory Reform, Research and Development, Scientific Research, Transparency, Universities
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...
3/12/2025 / Business Associates, Compliance, Covered Entities, Cybersecurity, Data Breach, Data Privacy, Data Protection, Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, OCR, PHI, Privacy Laws, Trump Administration
If NIH succeeds in imposing an across-the-board indirect cost rate of 15%, rough estimates indicate the University of Michigan could lose $119 million a year. Emory University could be down $75 million. For the University of...
3/3/2025 / Compliance, Department of Health and Human Services (HHS), Discrimination, Diversity, Diversity and Inclusion Standards (D&I), Executive Orders, Federal Contractors, Federal Funding, Grants, Healthcare, Legislative Agendas, Mental Health, National Institute of Health (NIH), New Legislation, New Regulations, OMB, Regulatory Agenda, Research and Development, Restraining Orders, Secretary of HHS, Trump Administration
Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...
1/22/2025 / Breach Notification Rule, Compliance, Cybersecurity, Data Breach, Data Privacy, Data Security, Enforcement Actions, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Information Technology, OCR, Patient Privacy Rights, Privacy Laws, Privacy Rule, Ransomware, State Privacy Laws
In 2023, after two years of study, an NIH task force proposed a series of recommendations to improve stewardship of research it funds, including that the agency adopt “stopping rules” that would allow poorly designed or low...
1/7/2025 / Clinical Trials, Compliance, Coronavirus/COVID-19, Healthcare, Institutional Review Board (IRB), Investigations, Medical Research, National Institute of Health (NIH), Policies and Procedures, Regulatory Requirements, Research and Development, Research Funding, SACHRP, Scientific Research, Secretary of HHS
It’s not immediately obvious why someone would want to disclose a health care test result as part of a job application. But one such request spurred a Pennsylvania entity to provide a lot more than that: it sent her whole...
12/19/2024 / Breach Notification Rule, Certifications, Chief Compliance Officers, Compliance, Corporate Governance, Corrective Action Plans (CAPs), Data Privacy, Department of Health and Human Services (HHS), Disclosure, Disclosure Requirements, Employer Liability Issues, Fines, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Job Applicants, Medical Records, OCR, Patients, Penalties, PHI, Popular, Privacy Laws, Sensitive Personal Information, Training Requirements, Unlawful Disclosure
Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...
11/14/2024 / American Hospital Association, Business Associates, Compliance, Covered Entities, Department of Health and Human Services (HHS), Enforcement Actions, Fines, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Violations, OCR, Personal Information, Privacy Laws, Regulatory Agenda, Regulatory Requirements, Security Rule
On the heels of a $7.6 million payment by Cleveland Clinic to settle allegations of False Claims Act (FCA) violations and unallowable sharing of passwords, Michael Lauer, NIH deputy director for extramural research, penned a...
11/4/2024 / Compliance, Corrective Action Plans (CAPs), Cybersecurity, Disclosure Requirements, Enforcement Actions, False Claims Act (FCA), False Reporting, Federal Grants, Food and Drug Administration (FDA), Harassment, Healthcare, HHS Office of Research Integrity (ORI), Information Sharing, Investigations, Life Sciences, Medical Research, National Institute of Health (NIH), National Science Foundation, Office for Human Research Protections (OHRP), OIG, Policies and Procedures, SACHRP, Scientific Research, Settlement, Sexual Harassment, Statutory Requirements, Warning Letters
Now that the HHS Office for Research Integrity (ORI) has published its final rule revising 2005 regulations governing misconduct, compliance officials could be engaging in three activities simultaneously: checking to see if...
10/1/2024 / Academic Misconduct, Compliance, Department of Health and Human Services (HHS), Final Rules, Healthcare, HHS Office of Research Integrity (ORI), New Regulations, NPRM, Policies and Procedures, Regulatory Requirements, Research and Development
Report on Research Compliance 21, no. 9 (September, 2024) -
How many types of falsehoods might sully applications for research funds and the studies they support? Unfortunately, the most recent semiannual report to...
9/5/2024 / Academic Misconduct, Compliance, False Claims Act (FCA), False Reporting, Fraud, Government Agencies, Health Care Providers, Healthcare, HHS Office of Research Integrity (ORI), Medical Records, National Science Foundation, OIG, Research and Development, Settlement
Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...
8/21/2024 / Corrective Action Plans (CAPs), Cyber Attacks, Cybersecurity, Data Protection, Electronic Protected Health Information (ePHI), Health Care Providers, Healthcare, HIPAA Security Rule, Malware, OCR, Patients, Privacy Laws, Settlement
Attestations are at the heart of permissible disclosures under the HHS Office for Civil Rights’ (OCR) new reproductive health privacy rule—and OCR wants covered entities (CEs) and business associates (BA) to use them now. The...
7/16/2024 / Attestation Requirements, Breach Notification Rule, Covered Entities, Data Privacy, Department of Health and Human Services (HHS), Disclosure, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Labeling, OCR, Patient Privacy Rights, Patients, PHI, Privacy Laws
Attorney Peter Zeidenberg was surprised to learn that NIH had successfully clawed back $3.6 million—plus a nearly 100% penalty—from Cleveland Clinic. The Department of Justice (DOJ) claimed the award funds were ill-gotten...
6/10/2024 / Clawbacks, Compliance, Corrective Action Plans (CAPs), Department of Justice (DOJ), Disclosure, False Claims Act (FCA), Healthcare, National Institute of Health (NIH), Regulatory Requirements, Settlement, Universities
United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...
5/13/2024 / Business Associates, Covered Entities, Cyber Attacks, Cybersecurity, Data Breach, Data Protection, Department of Health and Human Services (HHS), Hackers, Health Care Providers, Healthcare, Legislative Agendas, OCR, Patients, Personal Information, Popular, Privacy Laws, Regulatory Oversight, Regulatory Requirements
Organizations typically deal with ransomware attacks out of the public eye, but the massive scale of United Healthcare Group’s (UHG) February breach made that an impossibility. UHG CEO Andrew Witty was recently on the hot...
5/13/2024 / Breach Notification Rule, Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Data Breach, Data Protection, Data Security, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Healthcare Facilities, Incident Response Plans, Medical Records, Patients, Popular, Privacy Laws, Ransomware
Some funding applications submitted to NIH beginning Jan. 25 will face new requirements and undergo a revised peer review process. To prepare investigators and institutions, NIH launched a dedicated website with details about...
5/2/2024 / Centers for Medicare & Medicaid Services (CMS), Clinical Trials, Department of Health and Human Services (HHS), Food and Drug Administration (FDA), Healthcare, Life Sciences, National Institute of Health (NIH), National Science Foundation, OIG, Professional Misconduct, Research and Development, Scientific Research, The Common Rule
In September 2015, while working in an office on the grounds of Mercy Hospital in Miami, Ivette Maria Portela Martinez learned about an upcoming clinical trial for treatment of symptoms of Clostridium difficile infections and...
3/27/2024 / Clinical Trials, Criminal Conspiracy, Criminal Convictions, Criminal Prosecution, Department of Justice (DOJ), False Statements, Food and Drug Administration (FDA), Health Care Providers, Healthcare, Investigations, Life Sciences, Medical Research, Pharmaceutical Industry, Popular, Research and Development, Scientific Research, Wire Fraud
Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...
3/12/2024 / Cyber Attacks, Cybersecurity, Data Breach, Employees, Enforcement Actions, Health Care Providers, Healthcare, HIPAA Security Rule, HIPAA Violations, Hospitals, Internal Investigations, Popular, Risk Assessment, Settlement
The Food and Drug Administration (FDA) is seeking strategies from Jeffrey W. Taub, M.D., to prevent future violations of human subject regulations the agency said were documented during site visits in September and October...
1/30/2024 / AAMC, Cancer, Cybersecurity, Department of Health and Human Services (HHS), Food and Drug Administration (FDA), GAO, Healthcare, Legislative Agendas, Life Sciences, Medical Research, National Institute of Health (NIH), National Science Foundation, OSTP, Proposed Legislation, Proposed Regulation, Regulatory Requirements, Scientific Research, Technology
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....
1/17/2024 / Amended Rules, Corrective Action Plans (CAPs), Cybersecurity, Department of Health and Human Services (HHS), Employee Training, Enforcement Actions, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, HIPAA Security Rule, HIPAA Violations, OCR, PHI, Policies and Procedures, Proposed Regulation, Regulatory Reform, Right-To-Access, Security Risk Assessments, Settlement
The Department of Commerce and the National Institute of Standards and Technology are requesting comments on a “draft guidance framework designed to help federal agencies evaluate when it may be appropriate to exercise...
12/22/2023 / Bayh-Dole Act, Comment Period, Compliance, Department of Health and Human Services (HHS), Falsified Documents, Fraud, Healthcare, HHS Office of Research Integrity (ORI), Inventions, Life Sciences, March-In Rights, Medical Research, National Science Foundation, NIST, OIG, Patents, Scientific Research, Technology, U.S. Commerce Department, Universities, USPTO