News & Analysis as of

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

OCR to Investigate More HIPAA Breaches Affecting Fewer Than 500 Individuals

On August 18, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced plans to expand its investigations of reported breaches of the Health Insurance Portability and...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

Ransomware May Be a Reportable HIPAA Breach

In 2016, more than 4000 ransomware or other malware attacks are occurring daily, a 300% increase since 2015. There have been reports of six hospitals that have been victims of ransomware in 2016. Ransomware is a type of...more

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since...more

HSS Issues New Guidance on Ransomware Attacks Against HIPAA-Covered Entities

Ransomware attacks at hospitals and other healthcare facilities have dramatically increased over the last several years, putting healthcare providers in the uncomfortable position of having to consider paying thousands of...more

University of Mississippi to Pay $2.75 Million for Alleged HIPAA Violations

On July 21, 2016, the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) announced a settlement with the University of Mississippi Medical Center (UMMC), stemming from a 2013 breach of...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

Ransomware Reporting Requirements & New HHS Guidance

Ransomware is malicious software that denies access to data, usually by encrypting the data with a private encryption key that is only provided once a ransom is paid. Sometimes the ransomware will actually destroy, steal, or...more

2.7 Million Dollar HIPAA Settlement

Last week, Oregon Health & Science University (“OHSU”) agreed to pay $2.7 million to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule, Privacy Rule, and...more

Is Ransomware a Notifiable Data Breach Event?

There is no doubt that companies face unprecedented volume and variation in both disruptive and intrusive cyberattacks on their networks. Among the different attack methodologies today, ransomware is quickly becoming a major...more

Two Multi-Million Dollar HIPAA Settlements Emphasize Importance of a Comprehensive Security Program

The U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced two settlements of more than $2 million each with respect to alleged violations of the Health Insurance Portability and...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

HHS Releases Guidance On Ransomware And HIPAA

On July 11, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) published new guidance on the how HIPAA applies to ransomware prevention and attacks. Specifically, the guidance lays out...more

HHS: Ransomware Attacks Can Trigger Reporting Requirements

On July 11, 2016, the HHS Office for Civil Rights (OCR) released new HIPAA guidance regarding ransomware. The Fact Sheet, issued by OCR on July 11, covers various issues relating to ransomware, including reporting...more

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

Ransomware Attack is a Breach – Unless You Can Prove Otherwise

Ransomware is the fastest growing malware threat in the United States, targeting simple home computers to elaborate corporate IT networks. The Federal Bureau of Investigation recently reported an increase in ransomware...more

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

The Long Anticipated HIPAA Audits Are Here!

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more

Entity Fined $650,000 in First HIPAA Settlement with a Business Associate

The possibility of business associates potentially being audited, investigated, and ultimately fined is now a reality. On June 24, 2016, the United States Department of Health and Human Services’ Office of Civil Rights...more

117 Results
|
View per page
Page: of 5
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×