The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced three settlements arising out of the alleged impermissible disclosure of protected health information (PHI) during the...more
Just over a month after the European Union’s General Data Protection Regulation (“GDPR”) went into effect, the State of California enacted a data privacy law, the scope and breadth of which rivals the GDPR. While the...more
7/17/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Legislation ,
Opt-Outs ,
Personally Identifiable Information ,
Popular ,
Private Right of Action ,
State and Local Government
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
New York Attorney General Eric Schneiderman has been in hot pursuit of organizations in his state that fail to maintain the security and privacy of personal information. On March 6, 2018, the Attorney General’s office...more
Changes to the federal regulations governing the protection of human subjects participating in research (known as the Common Rule) were amended earlier this year. The changes to the Common Rule impact research conducted,...more
April proved to be a busy month for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) under its newly appointed director, Roger Severino. OCR announced three settlements of potential HIPAA...more
5/2/2017
/ EHealth ,
Electronic Protected Health Information (ePHI) ,
FQHC ,
Hackers ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
OCR ,
PHI ,
Phishing Scams ,
Risk Management ,
Settlement ,
Telehealth
Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more
2/8/2017
/ Civil Monetary Penalty ,
Cyber Attacks ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Penalties ,
Personally Identifiable Information ,
PHI ,
Security Standards
As the East Coast prepares for the arrival of Hurricane Matthew, covered entities and business associates should take the opportunity to remind their workforce members to safeguard protected health information (PHI) that is...more
10/6/2016
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Disaster Preparedness ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Medical Records ,
Natural Disasters ,
Patient Privacy Rights ,
PHI ,
Severe Weather
The Department of Health and Human Services Office for Civil Rights (OCR) announced on August 4, 2016, a settlement agreement with Advocate Health Care Network, an integrated healthcare system with ten hospitals and a...more
8/10/2016
/ Civil Monetary Penalty ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
Hospitals ,
OCR ,
Personally Identifiable Information ,
PHI
Last week, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced the first HIPAA settlement involving a business associate. Catholic Health Care Services of the Archdiocese of Philadelphia...more
A New York hospital has settled with the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) for $2.2 million after allowing a TV crew for the ABC documentary series “NY Med” to film patients...more
A group practice that was the victim of a silver-harvesting scam has agreed to pay the U.S. Department of Health and Human Services (“HHS”) $750,000 to settle charges that it released protected health information (“PHI”) of...more
Just in time for the Phase 2 audits, the Department of Health and Human Services Office for Civil Rights (OCR) quietly posted the updated HIPAA Audit Protocol on its website. The new audit protocol has been updated to include...more
The U.S. Department of Health and Human Services Office of Civil Rights (OCR) recently announced that it has started obtaining and verifying entity contact information to identify covered entities and business associates for...more
On February 25, 2016, the Office of Civil Rights (OCR) released a set of FAQs directed at healthcare providers and plans that are required to comply with the HIPAA Privacy Rule (the Privacy Rule). The guidance emphasizes that...more
An Illinois circuit court judge has dismissed five of six claims in a consolidated class action against Advocate Health and Hospital Corporation arising from a data breach in July 2013. The judge’s dismissal with prejudice...more
9/25/2015
/ Breach of Contract ,
Breach of Duty ,
Breach of Implied Contract ,
Class Action ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Dismissal With Prejudice ,
Fair Credit Reporting Act (FCRA) ,
Fiduciary Duty ,
Hackers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Negligence ,
Personally Identifiable Information ,
Unjust Enrichment
On June 2, 2015, the Second District Illinois Appellate Court affirmed the decisions of two lower courts, which had dismissed breach of privacy cases for lack of standing. The cases were consolidated for the purposes of the...more
On Monday, January 26, 2015, the Department of Health and Human Services ("HHS") announced a timeline for moving physicians and hospitals into new payment systems and tying Medicare reimbursements to quality of care....more
On December 17, 2014, the Centers for Medicare and Medicaid Services ("CMS") announced that there would be reductions in Medicare reimbursement for health care providers who do not meet the CMS electronic health record...more
Social media can be an effective and easy way to connect with friends and professional contacts. However, it can also serve as a tool for institutions and principal investigators involved in enrolling subjects in clinical...more
The Affordable Care Act contains a provision known as the Physician Payments Sunshine Act, which requires the Centers for Medicare and Medicaid Services (CMS) to establish a national databank containing information on the...more
10/6/2014
On July 10, 2014, a Kane County, Illinois Circuit Court granted a motion to dismiss with prejudice in favor of Advocate Health & Hospitals Corporation (Advocate) in a class action case arising out of a breach of patients'...more