On August 29, 2024, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) withdrew its appeal of the US District Court for the Northern District of Texas’s June 20, 2024, decision in American...more
9/4/2024
/ American Hospital Association ,
American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Appeals ,
Cookies ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Technology Sector ,
Tracking Systems ,
Web Tracking ,
Websites
On August 19, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) filed a notice of appeal of the US District Court for the Northern District of Texas’s June 20, 2024, decision in American...more
8/28/2024
/ American Hospital Association ,
American Hospital Association et al v Becerra Secretary Of Health And Human Services et al ,
Appeals ,
Cookies ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
HIPAA Security Rule ,
OCR ,
Technology Sector ,
Tracking Systems ,
Web Tracking ,
Websites
In a consequential decision for Health Insurance Portability and Accountability Act (HIPAA)-regulated entities, on June 20, 2024, the US District Court for the Northern District of Texas ruled in American Hospital Association...more
On February 8, 2024, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) jointly issued a final rule to amend the...more
On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and...more
3/22/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
Several federal laws protect the “rights of conscience” of federally funded healthcare entities and healthcare providers and prohibit recipients of federal funds from requiring individuals to participate in actions that they...more
Data governance is a mission-critical issue for every company and institution in the United States.
GCs face a host of pressing cybersecurity concerns. Triaging them requires time, attention, and a well-rounded strategy...more
8/18/2023
/ Cookies ,
Corporate Governance ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Healthcare ,
Legislative Agendas ,
Mobile Apps ,
New Legislation ,
New Rules ,
OCR ,
Personal Information ,
Regulatory Agenda ,
Risk Factors ,
Risk Management ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
On December 1, 2022, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued a Bulletin on the obligations of covered entities and business associates (regulated entities) under the...more
12/6/2022
/ Data Privacy ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mobile Apps ,
New Guidance ,
OCR ,
Personally Identifiable Information ,
PHI ,
Tracking Systems ,
Web Tracking
On December 10, 2020, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking (NPRM) with proposed modifications to the Standards for the Privacy of...more
12/18/2020
/ Department of Health and Human Services (HHS) ,
Disclosure ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Access Request ,
HIPAA Privacy Rule ,
Information Requests ,
Medicare ,
NPRM ,
OCR ,
Third-Party
On April 2, 2020, the US Department of Health and Human Services, Office for Civil Rights announced that it will not impose civil money penalties against covered entity health care providers or their business associates for a...more
Recent months have seen a wave of ransomware attacks in the US healthcare industry, many involving a sophisticated strain of malware called Ryuk. To protect themselves, healthcare providers should review OCR’s recent guidance...more
12/12/2019
/ Criminal Investigations ,
Cyber Attacks ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
FBI ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
New Guidance ,
OCR ,
Patient Privacy Rights ,
Popular ,
Ransomware ,
US-CERT
In this second installment of the Healthcare Enforcement Quarterly Roundup for 2019, we cover several topics that have persisted over the past few years and identify new issues that will shape the scope of enforcement efforts...more
8/16/2019
/ Acquisitions ,
Centers for Medicare & Medicaid Services (CMS) ,
DEA ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Fraud and Abuse ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Fraud ,
Home Health Agencies ,
Mergers ,
New Guidance ,
New Rules ,
OCR ,
OIG ,
Opioid ,
Pharmaceutical Industry
On April 26, 2019, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (the Notice) to inform the public...more
5/10/2019
/ Civil Monetary Penalty ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Eighth Amendment ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Regulatory Agenda ,
Settlement Negotiations
The US Department of Health and Human Services, Office for Civil Rights (OCR) published a long-awaited Request for Information seeking feedback on whether and how the HIPAA Rules should be revised to better promote...more
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12...more
The US Department of Health and Human Services Office for Civil Rights recently posted guidance clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a...more
10/27/2016
/ Anti-Kickback Statute ,
Business Associates ,
Corporate Counsel ,
Covered Entities ,
Data Blocking ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
OIG ,
PHI ,
Privacy Rule ,
Vendors
On September 29, 2015, the U.S. Department of Health & Human Services Office of the Inspector General (OIG), Office of Evaluation and Inspections, released two studies calling on the HHS Office for Civil Rights (OCR) to...more
Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities have reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently sent pre-audit screening surveys...more
5/18/2015
/ Audits ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
De-Identified Protected Health Information ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
PHI
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits...more
On December 2, 2014, the Office for Civil Rights (OCR) and Anchorage Community Mental Health Services, Inc., (ACMHS) entered into a Resolution Agreement and Corrective Action Plan (CAP) to settle alleged violations of the...more
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
2/21/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule