Breach Notification Rule, Data Breach, Hospitals

From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

Health Care Compliance Association (HCCA) on 6/18/2025

A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more

Report on Patient Privacy Volume 20, Number 6. Privacy Briefs: June 2020

Health Care Compliance Association (HCCA) on 6/16/2020

Report on Patient Privacy 20, no. 6 (June 2020): A divided Indiana Court of Appeals has reinstated a patient’s claim that a hospital is vicariously liable for the actions of a medical assistant who accessed the patient’s...more

Misdirected Hospital Bills Lead to $2.175 Million HIPAA Settlement

Robinson+Cole Data Privacy + Security Insider on 12/4/2019

On November 27, 2019 the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach...more

Hospitals In The Crosshairs: Managing Cybersecurity Risk (2)

Mitchell, Williams, Selig, Gates & Woodyard,... on 11/5/2018

In our last article, we showed you how to evaluate where your organization sits on the landscape of readiness and preparedness. In this concluding article, we identify concrete steps you can immediately employ to move your...more

Hospitals In The Crosshairs: Managing Cybersecurity Risk (Part 1)

Mitchell, Williams, Selig, Gates & Woodyard,... on 11/5/2018

From the recent headline-grabbing attacks on hospitals and municipalities, the specter of cybersecurity threats looms large. As a result, spending on cybersecurity initiatives is expected to reach $96 billion this year....more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

Fisher Phillips on 11/3/2016

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

HSS Issues New Guidance on Ransomware Attacks Against HIPAA-Covered Entities

Patterson Belknap Webb & Tyler LLP on 8/9/2016

Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

Mintz - Health Care Viewpoints on 7/12/2016

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Don't Wait for It; Recent HIPAA Enforcement Action Signal More to Come in Phase 2 Audits

Orrick, Herrington & Sutcliffe LLP on 9/21/2015

Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more

A Federal District Court in Florida Finds Hospital System Properly Terminated a Professional Services Contract for a HIPAA Breach

Dickinson Wright on 9/9/2013

The U.S. District Court for the Southern District of Florida found on June 20, 2013 that defendant Community Health Systems, Inc., and its affiliated hospital, Salem Hospital (collectively, “CHS”) properly terminated a...more

Breach Notification Rule › Data Breach › Hospitals

"My best business intelligence, in one easy email…"