Data Breach Business Associates

News & Analysis as of

Causes of Healthcare Data Breaches

Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), covered entities (e.g. healthcare providers and health plans) must notify the Department of Health and Human Services (“HHS”) of breaches...more

OCR Continues to Strengthen HIPAA Enforcement Efforts

The United States Department of Health and Human Services Office for Civil Rights ("OCR") sent a strong HIPAA enforcement message this summer, entering four resolution agreements, including the highest financial settlement to...more

OCR Sets Sights on Smaller HIPAA Breaches

Covered entities and business associates can expect increased scrutiny for breaches of unsecured protected health information affecting fewer than 500 individuals. Starting August 2016, the U.S. Department of Health and Human...more

OCR Announces Initiative to Amplify Investigations of Breaches Affecting Fewer than 500 Individuals

Taking another step toward more aggressive enforcement under the Health Insurance Portability and Accountability Act (“HIPAA”), on August 18, 2016, the U.S. Department of Health & Human Services (“HHS”) Office for Civil...more

OCR: No privacy breach is too small

The Office for Civil Rights (OCR) HIPAA enforcement efforts are continuing to increase. This year, the OCR has already announced 10 HIPAA enforcement actions involving fines, which is a 67 percent increase from last year and...more

Corporate E-Note - August 2016

In a “Table of Experts” series published on July 15, 2016 by the Birmingham Business Journal, Ed Christian provides his insight into a series of questions related to mergers and acquisitions. Please see full E-note below...more

OCR to Increase Investigations Of Smaller PHI Breaches

Healthcare providers and other covered entities must report breaches of unsecured protected health information (“PHI”) to the Secretary of Health and Human Services in accordance with the Breach Notification Rule of the...more

OCR to Focus More Investigative Resources on Smaller HIPAA Breaches with Less Than 500 Individuals Affected

The Department of Health & Human Services (DHHS) Office of Civil Rights (OCR) recently announced it will devote more resources to investigate smaller HIPAA breaches. Before this announcement, OCR typically opened...more

HIPAA Security Rule Compliance for Providers & Business Associates in Three Easy Steps

On August 4, 2016, the Office for Civil Rights (“OCR”) of the U.S. Health & Human Services Department (“HHS”) announced a $5.55 million HIPAA settlement with Advocate Health Care Network (“Advocate”), the largest...more

Client Alert: OCR Blitzkrieg: Wider Investigation of Smaller Breaches

On the heels of its first business associate settlement with a business associate and a hat trick of multi-million dollar settlements with covered entities involving electronic Protected Health Information (“PHI”), on August...more

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

A Closer Look at the OCR’s Guidance on Ransomware

In the wake of several high-profile ransomware infections targeting hospitals and health care organizations, the Department of Health and Human Services Office for Civil Rights (OCR) has issued guidance on the growing threat...more

Now is a Good Time to Review Your HIPAA Policies

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach...more

OCR to Increase Efforts to Investigate Breaches Affecting Fewer Than 500 Individuals

The Department of Health and Human Services Office for Civil Rights (OCR) is the federal agency tasked with investigating data breaches involving protected health information (PHI) under the Health Insurance Portability and...more

Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights

The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since...more

It’s Not the Olympics, but OCR Sets New HIPAA Settlement Records

Athletes at the Rio Olympics aren’t the only ones setting records this year. Hoping to send a “strong message” about the importance of safeguarding electronic protected health information (PHI) and conducting mandated risk...more

Latest OCR HIPAA Settlement Provides Lessons for Covered Entities

Capping off a busy month of HIPAA settlements, on August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with Advocate Health Care Network (“Advocate”), the largest fully-integrated healthcare...more

Blog: Advocate Data Breaches Result in Largest HIPAA Settlement To Date

On August 8th, 2016, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) issued the largest Health Insurance Portability and Accountability Act (HIPAA) settlement to date with Advocate Health...more

Largest HIPAA Settlement Announced Against A Single Entity: $5.55 Million

On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more

Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services (HHS) has recently issued guidance under the Health Insurance Portability and Accountability Act (HIPAA) on what covered entities and business associates can do to prevent and...more

HIPAA News: HHS Getting Tough On ePHI Data Breaches

On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more

Advocate Health Care Network Agrees to Pay $5.55 Million to Settle Potential HIPAA Penalties

On August 4, 2016, the Office of Civil Rights (“OCR”) announced that Advocate Health Care Network (“Advocate”), Illinois’ largest fully-integrated health care system, has agreed to pay a record-breaking $5.55 million to...more

Largest Health & Human Services HIPAA Settlement Wake-Up Call for Covered Entities to Evaluate and Mitigate Risks

On Thursday, August 4, 2016, the U.S. Department of Health & Human Services, Office of Civil Rights (OCR) announced the largest settlement ever with a single entity for multiple potential Health Insurance Portability and...more

"Privacy & Cybersecurity Update - July 2016"

In this edition of our Privacy & Cybersecurity Update, we discuss the revised Privacy Shield and what companies should be doing to prepare for the new program, the FTC's reinstatement of its LabMD case, the European...more

HIPAA Wake-Up Call for Financial Institutions: First HIPAA Settlement with Business Associate

It’s a HIPAA first. A business associate has settled a direct enforcement action over allegations that it potentially violated the Health Insurance Portability and Accountability Act (HIPAA). This settlement portends future...more

125 Results
|
View per page
Page: of 5
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×