Covered Entities Office of Civil Rights

News & Analysis as of

2.7 Million Dollar HIPAA Settlement

Last week, Oregon Health & Science University (“OHSU”) agreed to pay $2.7 million to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Security Rule, Privacy Rule, and...more

Boosts in Ransomware Attacks Spark Multiple Government Agency Responses

Following a recent U.S. government interagency report indicating that, on average, there has been an alarming 300 percent spike in daily ransomware attacks since early 2016 as compared with 2015, the U.S. Department of Health...more

University of Mississippi Medical Center settles HIPAA violations for $2.75M

The Office for Civil Rights (OCR) has obtained another big settlement from a covered entity resulting from a data breach. This most recent settlement of fines and penalties and a Resolution Agreement is with the University of...more

HIPAA and $15 Million in 2016

For years, many questioned whether the HIPAA privacy and security rules would be enforced. The agency responsible for enforcement, Health and Human Services’ Office for Civil Rights (OCR), promised it would enforce the rules,...more

OCR Makes It Official: Ransomware Attacks Are HIPAA Breaches

Ransomware attacks appear to be increasing in frequency as well as severity. Ransomware is malicious software that encrypts data until a ransom is paid to the hacker. For healthcare providers, the inability to access...more

HHS Releases Guidance On Ransomware And HIPAA

On July 11, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) published new guidance on the how HIPAA applies to ransomware prevention and attacks. Specifically, the guidance lays out...more

Final ACA Nondiscrimination Rules Under Section 1557 Now Effective

This is the one hundred and first issue in our series of alerts for employers on selected topics on health care reform. (Click here to access our general Summary of Health Care Reform and other issues in this series.) This...more

HHS OCR Guidance on Ransomware Attacks: They Constitute a “Security Incident” and Are Likely a Data Breach

On July 11, 2016, the HHS Office of Civil Rights (OCR) released guidance on HIPAA covered entities’ responsibilities in a ransomware attack, a type of cyber-attack that has targeted the health care sector extensively in...more

Report Warns Providers of HIPAA Violations When Responding to Negative Online Reviews

ProPublica, a public interest investigative newsroom, recently identified more than 3,500 one-star medical reviews on Yelp in which patients complained about privacy issues. ProPublica determined that “in dozens of instances,...more

New Materials Help Covered Entities Comply with Nondiscrimination Rules

Last week, the Department of Health and Human Services (“HHS”) released new materials for covered entities to use to comply with Section 1557, the nondiscrimination provision of the Affordable Care Act. Section 1557...more

Ransomware Attack is a Breach – Unless You Can Prove Otherwise

Ransomware is the fastest growing malware threat in the United States, targeting simple home computers to elaborate corporate IT networks. The Federal Bureau of Investigation recently reported an increase in ransomware...more

Client Alert - The Government Makes a Business Associate Pay: What HIPAA Covered Entities and Business Associates Can Learn from...

The government has entered into its first settlement with a HIPAA business associate, including a $650,000.00 monetary penalty, ushering in a new period of enforcement for third parties who use Protected Health Information...more

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

The Long Anticipated HIPAA Audits Are Here!

Phase 2 HIPAA Audits, which the Department of Health and Human Services' Office of Civil Rights ("OCR") announced had "launched" back in March of this year, have now officially begun. On Monday, July 11, 2016, the first round...more

OCR Issues New Guidance on Ransomware and HIPAA

In response to a rising number of ransomware attacks on healthcare systems, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has issued new ransomware guidance on the HIPAA obligations of...more

OCR Launches Phase 2 HIPAA Audits

On July 11, 2016, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) notified 167 covered entities of their selection for Phase 2 desk audits. The audits will examine compliance with the...more

OCR Begins HIPAA Phase 2 Audits

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

HIPAA Audit Program Update—HHS OCR Moves Forward with Desk Audits

As we previously reported, on March 21, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) launched the long-awaited Phase 2 of the audit program that is intended to assess compliance with...more

OCR Sends Notification Letters to Phase 2 HIPAA Auditees

On July 12, 2016, HHS’s Office for Civil Rights (OCR) distributed an e-mail discussing recent developments in Phase II of its HIPAA audit program....more

BYOD Risks under HIPAA – Does Your HIPAA Compliance Program Adequately Address the Ever Increasing Use of Portable Electronic...

Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more

Check Your Desk: HIPAA Audits for Covered Entities Have Arrived

The Office of Civil Rights (OCR) of the Department of Health and Human Services has moved forward with Phase 2 of its Health Insurance Portability and Accountability Act of 1996 (HIPAA) audit program. On Monday, July 11,...more

First Ever OCR Settlement of Enforcement Action against HIPAA Business Associate Due to PHI Breach

On June 30, the Office of Civil Rights (OCR) announced the first HIPAA settlement agreement with a business associate. This follows recent settlements with two HIPAA covered entities under HIPAA due, in large part, to the...more

OCR Announces New HIPAA Guidance on Ransomware

In response to the increasing prevalence of ransomware cyber-attacks by hackers on electronic health information systems in hospitals and medical practices, the Department of Health and Human Services (HHS) Office for Civil...more

OCR Update: HIPAA Phase 2 Audit Notices—Responses Due July 22, 2016

On July 11, 2016, e-mail notification was sent to 167 covered entities alerting them of their inclusion in the desk audit portion of OCR’s 2016 HIPAA audit program. Selected covered entities must respond no later than July...more

Just a Matter of Time: First-Ever Settlement of HIPAA Claims Against a Business Associate

On June 30, 2016, the Health and Human Services Office for Civil Rights (OCR) announced the first-ever settlement of Health Insurance Portability and Accountability Act (HIPAA) claims against a business associate. According...more

202 Results
|
View per page
Page: of 9
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×