From OCR to AI The Future of Media and Image Analysis in eDiscovery
HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
In the first five months of 2025, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
Just two weeks into the year, 2025 is already shaping up to be a busy year for privacy lawyers, especially those tasked with helping covered entities and business associates comply with the HIPAA Security Rule. As we...more
Report on Patient Privacy 22, no. 9 (September, 2022) - When recommending best practices, federal privacy and security officials stress that organizations need to follow their protected health information (PHI) wherever...more
Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more
In this week’s episode, Rebecca Schaefer and Hannah Maroney discuss a string of recent HIPAA enforcement actions which demonstrate that the HHS Office of Civil Rights (OCR), the agency tasked with enforcing HIPAA, is...more
On March 3, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) signaled to covered entities of all sizes that they need to take their HIPAA obligations seriously. OCR entered into a...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health...more
The Office of Civil Rights of the Department of Health and Human Services (OCR) announced that it has entered into a settlement with a business associate that provides electronic medical records services to health care...more
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more
A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more
Last week, the Office for Civil Rights (OCR) announced that it had reached a settlement with a contract physician group based in Florida to resolve potential HIPAA violations relating to the sharing of protected health...more
Last month, the Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced a resolution agreement with the Center for Children’s Digestive Health (CCDH) which included a $31,000 penalty. ...more
Providers Beware: OCR Published Three HIPAA Settlements in Two Weeks, Signaling a Ramp Up of HIPAA Enforcement Activity: Make sure risk assessments, business associate agreements and policies & procedures are in place...more
Last month, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced the largest settlement to date for alleged violations of the Health Insurance Portability and Accountability Act (HIPAA)....more
On the heels of its first business associate settlement with a business associate and a hat trick of multi-million dollar settlements with covered entities involving electronic Protected Health Information (“PHI”), on August...more
Advocate Health Care Network, which operates 12 hospitals and more than 200 other treatment centers in Chicago and central Illinois, has agreed to the largest settlement to date with the Office for Civil Rights (“OCR”) for...more
It’s a HIPAA first. A business associate has settled a direct enforcement action over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA). This settlement portends future...more
The government has entered into its first settlement with a HIPAA business associate, including a $650,000.00 monetary penalty, ushering in a new period of enforcement for third parties who use Protected Health Information...more
On June 30, the Office of Civil Rights (OCR) announced the first HIPAA settlement agreement with a business associate. This follows recent settlements with two HIPAA covered entities under HIPAA due, in large part, to the...more
The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more
Our predictions that the Office for Civil Rights (OCR) will become more aggressive with audits, investigations, and fines against HIPAA business associates has come true. On June 24, 2016, the OCR announced that it has...more
A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of...more