HIPAA Violations, Healthcare, Health Care Providers

From $5,000 to $800,000: Days Apart, OCR Security Settlements Show Puzzling Math

Health Care Compliance Association (HCCA) on 6/18/2025

A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more

Fresh From the Oven: OCR-HHS Issues a Notice of Proposed Rulemaking for the HIPAA Security Rule

Quarles & Brady LLP on 1/2/2025

‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more

Recognized Security Practices ‘Saved’ Covered Entity $60K of $300K Fine, But Which Ones Remain a Mystery

Health Care Compliance Association (HCCA) on 11/14/2024

Covered entities (CEs) and business associates (BAs) may receive a “discount” for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more

Employees’ Misdeeds, Lack of Risk Analysis Cost NY Hospital $4.75M; OCR Issues Warning

Health Care Compliance Association (HCCA) on 3/12/2024

Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...more

Hey Doc, Be Careful on TikTok - Legal Pitfalls of Healthcare Providers in the Social Media Age

Buckingham, Doolittle & Burroughs, LLC on 3/4/2024

Imagine you are scrolling on TikTok, Facebook, Instagram, or one of the multitude of other social media platforms that almost every one of us have on our devices, and you come across a video of a physician discussing medical...more

OCR Ends Year With Settlements That Tread Old Ground, Says New Rules Are Coming—Someday

Health Care Compliance Association (HCCA) on 1/17/2024

If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Akerman LLP - Health Law Rx on 12/21/2023

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more

Revised Privacy Rule May Not Emerge for Two Years; Info Blocking Penalty Regulation Published

Health Care Compliance Association (HCCA) on 7/17/2023

Report on Patient Privacy Volume 23, no 7 (July 2023) In two public talks this spring, Melanie Fontes Rainer, director of the HHS Office for Civil Rights (OCR), said completing the 2021 proposed regulation extensively...more

Lawsuits Reinforce Importance of Health Care Websites being HIPAA Compliant

Harris Beach Murtha PLLC on 3/27/2023

After dozens of class-action lawsuits filed against health care providers across the country alleging their websites shared patient information with social media sites such as Facebook and Instagram, providers are again urged...more

OCR Settles Improper Disposal Case for $300,640

Robinson+Cole Data Privacy + Security Insider on 8/26/2022

On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more

HIPAA Violations › Healthcare › Health Care Providers

"My best business intelligence, in one easy email…"