The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a...more
A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more
On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
In late October, the U.S. Department of Health and Human Services (HHS) reached a settlement agreement with a medical management company based in Massachusetts over alleged HIPAA violations. Under the settlement terms, the...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
On November 20, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced an $80,000 HIPAA settlement with Saint Joseph’s Medical Center (“SJMC”) in New York State. The...more
A recent settlement entered into by the nation’s largest publicly operated health plan serves as a stark warning to all entities and business associates subject to the Health Insurance Portability and Accountability Act:...more
Summer is in full swing, but the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is doing anything but taking a vacation from HIPAA. In May and June, OCR issued five resolution agreements...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare...more
On February 2, 2023, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reached a settlement with Banner Health Affiliated Covered Entities (“Banner Health”) for a 2016 data breach that...more
As illustrated by a recent Office for Civil Rights (OCR) settlement with a dental practice, health care entities continue to struggle with how to respond to negative online reviews while maintaining compliance with the HIPAA...more
Report on Patient Privacy 22, no. 10 (October, 2022) - How about free? Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with...more
After a long stretch of breach enforcement actions and settlements arising out of alleged technology gaps, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced that it settled a case...more
Report on Patient Privacy 22, no. 9 (September, 2022) - When recommending best practices, federal privacy and security officials stress that organizations need to follow their protected health information (PHI) wherever...more
On August 23, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Massachusetts-based New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (NEDLC), agreed to...more
On March 28, 2022, Health and Human Services, Office for Civil Rights (OCR) announced the resolution of four enforcement actions, three resolved in 2021 and one resolved in 2022. There are some interesting aspects of this...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has pursued its HIPAA Right of Access Initiative since 2019. OCR’s 19th settlement under the initiative, with The Diabetes, Endocrinology &...more
For those providers who somehow missed or ignored the first 15 settlements in the series, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that Sharp HealthCare, doing...more
In 2020, the Office for Civil Rights (OCR) kept the promise it made the prior year to “vigorously enforce” the rights of patients to access and exercise control over their medical records. OCR has settled ten “right of...more
The city of New Haven, Connecticut recently agreed to pay $202,400 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) to settle multiple HIPAA violations in connection with a 2016 incident at...more
Report on Patient Privacy 20, no. 10 (October 2020) - September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....more
Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of...more
The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA Rights to Access Initiative (Initiative), which it announced would be an enforcement priority for it starting in 2019....more