News & Analysis as of

Business Associates Enforcement Actions

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Ogletree, Deakins, Nash, Smoak & Stewart,...

2025 Enforcement Trends: Risk Analysis Failures at the Center of HHS’s Multimillion-Dollar HIPAA Penalties

Ogletree, Deakins, Nash, Smoak & Stewart,... on

In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more

Holland & Knight LLP

U.S. Health Data Affected by New National Security Restrictions on International Data Transfers

Holland & Knight LLP on

Health Insurance Portability and Accountability Act (HIPAA)-covered entities and business associates should be familiar with restrictions on the use or disclosure of protected health information (PHI) under HIPAA rules....more

Health Care Compliance Association (HCCA)

Former OCR Director Fontes Rainer Reflects On ‘Imperfect’ RSP Law, Urges Final Security Reg

Health Care Compliance Association (HCCA) on

In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having “recognized security practices” (RSPs) in place. But many more covered...more

Foley Hoag LLP - Security, Privacy and the...

HHS OCR Settles HIPAA Security Rule Investigation with Health Fitness Corporation

Foley Hoag LLP - Security, Privacy and the... on

On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more

Jackson Lewis P.C.

Health Fitness, OCR’s Risk Analysis Initiative, and the ERISA Fiduciary Duty to Select Plan Service Providers

Jackson Lewis P.C. on

On Friday, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced the fifth enforcement action under its Risk Analysis Initiative. In this case, OCR reached a settlement with Health...more

Gardner Law

Recent Enforcement Reminds Companies: Assess HIPAA Compliance

Gardner Law on

A HIPAA compliance assessment is an evaluation of an organization's practices, policies, and procedures to ensure that they align with requirements from the Health Insurance Portability and Accountability Act (“HIPAA”). It...more

Health Care Compliance Association (HCCA)

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

Wyrick Robbins Yates & Ponton LLP

Analyze This: OCR Kicks Off 2025 with Two New HIPAA Enforcement Actions Against Business Associates as Part of New Risk Analysis...

Wyrick Robbins Yates & Ponton LLP on

Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule.  As we...more

Holland & Knight LLP

HIPAA Tidings: A Look at OCR's Recent Enforcement Actions

Holland & Knight LLP on

In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more

BakerHostetler

DSIR Deeper Dive: Tracking the Crackdown on Tracking/Pixel Technologies: Web Litigation and Regulatory Landscape - Part 2

BakerHostetler on

In the first part of this blog post, we looked into the OCR and FTC’s focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more

Health Care Compliance Association (HCCA)

Recognized Security Practices ‘Saved’ Covered Entity $60K of $300K Fine, But Which Ones Remain a Mystery

Health Care Compliance Association (HCCA) on

Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

BakerHostetler

HHS OCR Announces Largest Civil Monetary Penalty Imposed Since 2021 for Snooping Incident

BakerHostetler on

Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more

Bricker Graydon LLP

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Dorsey & Whitney LLP

HIPAA on the Horizon in the New Year: Important Lessons from an Active 2023 and Regulatory Initiatives to Watch for in 2024

Dorsey & Whitney LLP on

2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more

Brooks Pierce

Business Associate Victim of Ransomware Attack Pays $100,000 to HHS OCR

Brooks Pierce on

Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more

BakerHostetler

OCR’s October Initiatives: Strengthening Telehealth Security and HIPAA Compliance

BakerHostetler on

October has been a busy month for the OCR, which is tasked with enforcing the regulations issued under HIPAA. In the past week, the OCR released two new guidance documents aimed at reducing the privacy and security risks...more

Health Care Compliance Association (HCCA)

[Event] 2023 Healthcare Enforcement Compliance Conference - November 5th - 7th, Washington, DC

Health Care Compliance Association (HCCA) on

Hear directly from the enforcement community - Want to gain insight into properly monitoring, detecting, investigating, and managing violations? Join us at HCCA’s Annual Healthcare Enforcement Compliance Conference to...more

Dorsey & Whitney LLP

HHS OCR Settles HIPAA Investigation with Business Associate for $350,000

Dorsey & Whitney LLP on

Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has increased dramatically. From 2009 to 2022, over 5,000 data...more

Health Care Compliance Association (HCCA)

[Event] Regional Healthcare Compliance Conference - January 27th, Lake Buena Vista, FL

Health Care Compliance Association (HCCA) on

Looking for compliance education and networking in your area? HCCA’s Regional Healthcare Compliance Conferences offer practitioners convenient, local compliance education, including updates on the latest news in regulatory...more

Health Care Compliance Association (HCCA)

[Virtual Event] Healthcare Enforcement Compliance Conference - November 7th - 9th, 8:55 am - 3:30 pm CST

Health Care Compliance Association (HCCA) on

Hear directly from the enforcement community - Want to gain insight into properly monitoring, detecting, investigating, and managing violations? Join us virtually at HCCA’s Annual Healthcare Enforcement Compliance...more

Health Care Compliance Association (HCCA)

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Williams Mullen

Has the Bear Awakened From Its Hibernation? OCR Announces Four HIPAA Enforcement Actions

Williams Mullen on

On March 28, 2022, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) reported four new Health Insurance Portability and Accountability Act (HIPAA) enforcement actions. After a multi-month hiatus...more

Health Care Compliance Association (HCCA)

OCR Targets Three Dentists in New Enforcement Actions; Nixes Political Use of PHI, Review Backlash

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 4 (April, 2022) - By many measures, David Northcutt’s unsuccessful 2018 bid for the Alabama senate was a costly one. Northcutt, a dentist, loaned his campaign $73,000 throughout the...more

Health Care Compliance Association (HCCA)

OCR Investigator: Goal Is to Uncover ‘Root Cause,’ Remedy Harm From Violations

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 21, no. 5 (May 2021) - Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...more

72 Results
 / 
View per page
Page: of 3
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide