HIPAA Violations, Data Privacy, Data Breach

OCR Announces $800,000 HIPAA Settlement with Florida Health System

Rivkin Radler LLP on 7/3/2025

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a...more

HHS Releases Cybersecurity Strategy for the Healthcare Sector

King & Spalding on 12/18/2023

On December 6, 2023, HHS released a concept paper that outlines the Department’s cybersecurity strategy for the healthcare sector titled, “Healthcare Sector Cybersecurity Strategy.” HHS reports that cyber incidents in...more

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

Jones Day on 12/6/2023

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

Report on Patient Privacy Volume 22, Number 11. MD Anderson Won Against OCR, But Agency’s Response—Including on Fines—Keeps...

Health Care Compliance Association (HCCA) on 11/14/2022

Report on Patient Privacy Volume 22, Number 11. (November 2022) Nearly five years passed from the time the University of Texas MD Anderson Cancer Center reported to the HHS Office for Civil Rights (OCR) that three...more

Report on Patient Privacy Volume 22, Number 10. Privacy Briefs: October 2022

Health Care Compliance Association (HCCA) on 10/11/2022

Report on Patient Privacy 22, no. 10 (October, 2022) - Thirty Democratic senators led by Sen. Patty Murray, D-Wash., have called on HHS to strengthen federal privacy protections under HIPAA to broadly restrict providers...more

2016 Breach Costs OK State Medical Center $875K; System Initially Missed Vulnerability

Health Care Compliance Association (HCCA) on 8/16/2022

Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more

HIPAA Compliance & the Role of Enterprise Information Archiving

Hanzo on 6/28/2022

Most people have heard of the Health Insurance Portability and Accountability Act (HIPAA), so it’s not surprising that companies dealing with digital health information will have to be HIPAA compliant. To do so, any protected...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

New Jersey Settles with Cancer Center Over Business Email Compromise

Robinson+Cole Data Privacy + Security Insider on 12/23/2021

One of the challenging things about HIPAA (Health Insurance Portability and Accountability Act) enforcement is the fact that both the Office for Civil Rights and State AGs have jurisdiction to assess fines and penalties for...more

The Cost of Employee Benefits Non-Compliance Just Went Up . . . Again

Fisher Phillips on 11/30/2021

The U.S. Department of Health & Human Services (HHS) just announced increased penalty amounts for entities who violate the privacy, security, and breach notification rules under the Health Insurance Portability and...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

HIPAA Violations › Data Privacy › Data Breach

"My best business intelligence, in one easy email…"