Compliance Office of Civil Rights

Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory... more +
Compliance programs typically refer to formalized institutional procedures within corporations and organizations to detect, prevent and respond to indvidual and widespread instances of regulatory violations.  In response to many corporate scandals evidencing rampant unethical business practices, many nations, including the United States, began passing strict regulatory frameworks aimed at curbing these abuses. Notable pieces of legislation in this area include the U.S. Foreign Corrupt Practices Act (FCPA), Sarbanes-Oxley (SOX), and the U.K. Bribery Act, to name a few. The foregoing statutes and the severe penalties often associated with them form the basis of many modern institutional compliance programs. less -
News & Analysis as of

Cloud Sharing Apps Scrutinized for ePHI

In a relatively short time period, the direct costs of document storage have dropped precipitously, and cloud-based document storage has become ubiquitous. Clearly, this is a wave of the future. But a recent settlement...more

Don't Fumble Your HIPAA Obligations: Ensure Your HIPAA Playbook Implements Appropriate Protections for Patients

The injuries suffered by a professional football player brought the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA") onto center stage of the media during the days...more

HIPAA Settlement Regarding Use of Internet Applications

On July 10, 2015, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton, Massachusetts, regarding potential...more

Recent HHS Settlement Highlights Risks of Electronically-Sharing Protected Health Information

On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act...more

Use of File-Sharing Service Leads To $218,400 Fine For HIPAA Violations

Internet-based file-sharing services such as Dropbox and Google Drive can be easy and convenient to use, whether via the touch of an app on a mobile device or by opening a browser on a PC. Healthcare professionals are often...more

Massachusetts Hospital Agrees to Six-Figure Payment Related to HIPAA Compliance Allegations

St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more

OCR Enforcement Trends

On April 27, 2015, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a resolution agreement with Cornell Prescription Pharmacy (CPP) pursuant to which CPP paid a $125,000...more

“Enough is Enough” Legislation Becomes Law: New York Education Law Article 129-B Establishes New Requirements for New York State...

On July 7, 2015, New York Governor Andrew Cuomo signed into law legislation that will, once again, change the way public and private colleges and universities in New York (“higher education institutions”) must respond to...more

A Year in Review: Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights

The U.S. Department of Health and Human Services Office for Civil Rights had another busy year in 2014. More resolution agreements were signed by HHS and Covered Entities than in the previous year, and several Covered...more

Data Breach Nightmare Scenario: News Affiliate Reports Improper Disposal of Patient Information

A tip from a local Denver news outlet lead to a compliance review, investigation and ultimately a resolution agreement between the Department of Health and Human Services’ Office for Civil Rights (“OCR”) and Denver-based...more

CFTC Staff Issues Relief from Ownership and Control Reporting Rules

The conditional, time-limited no-action letter extends certain compliance deadlines under the new rules. On November 18, 2013, the US Commodity Futures Trading Commission (CFTC) published final rules on Ownership and...more

Recent OCR Reports Illustrate Past and Future Compliance and Enforcement Efforts

Daily news stories about data breaches and enforcement actions seem to be the new norm, so it’s no surprise that people may start to believe that hackers have won the war and that no personal health information is safe. But...more

Policyholders Face Heightened Scrutiny Under OCR’s New Permanent Audit Program

The U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) has notably increased enforcement of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”) and Health Information...more

Confidentiality and Title IX

In OCR’s April 2011 Dear Colleague Letter, OCR referenced a covered institution’s obligations in the face of knowledge of sexual harassment/misconduct and a victim’s request for confidentiality and/or that the institution not...more

Physical Therapy Provider Enters into HIPAA Settlement

U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced yet another enforcement action. Specifically, OCR opened a compliance review of Concentra Health Services (Concentra) upon...more

Free HIPAA Help

Health care providers, health plans, business associates, and other entities affected by the federal HIPAA privacy and security regulations are quickly running out of excuses for not having a robust HIPAA compliance program...more

Compliance is No Joke: OCR Releases Security Risk Assessment Tool

On March 28, 2014, the Office of Civil Rights (OCR) announced the release of an online and iPad app-based security risk assessment (SRA) tool. The tool is intended to help health care providers in small to medium sized...more

HHS's New Security Risk Tool for HIPAA Compliance

On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more

HIPAA Housekeeping - Don't Forget Your Annual Report of Small Breaches

If you are a "covered entity" under the Health Insurance Portability and Accountability Act ("HIPAA") and suffer a breach of protected health information, one of your first reactions should be to count the number of affected...more

Be Prepared – HIPAA Audits are Coming in 2014

Later this year, the Department of Health and Human Services (“DHHS”) is expected to launch its permanent HIPAA Audit Program. The HIPAA Audit Program is authorized under Section 13411 of the HITECH Act, and is designed to...more

Privacy and Security Alert: January 9th, 2014

On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more

It’s Not Enough to Notify: Don’t Forget the Policies, Risk Analyses, and Training

HIPAA compliance ended with a bang in 2013, with the feds issuing the first settlement involving a health provider’s failure to have breach notification policies and procedures in place. On Dec. 24, 2013, the Department of...more

Privacy Monday – September 16, 2013

Dis-Like! Senator Markey Urges the FTC to Investigate Facebook’s New Policies - As we previously reported, Facebook has proposed a number of revisions to its Data Use Policy and Statement of Rights and...more

OCR Guidance to Address HIPAA Marketing Turmoil

In response to a recent lawsuit and outcry from a variety of players in the health care market, the Department of Health and Human Services (“HHS”) has committed to issuing guidance by September 23rd (the compliance date for...more

HIPAA Compliance Date: Sept. 23, 2013

Impending HIPAA Compliance Date - As discussed in prior HIPAA Alerts a final 563-page Omnibus HIPAA Rule was released by the Department of Health and Human Services Office of Civil Rights to strengthen HIPAA’s security...more

53 Results
|
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×