News & Analysis as of

Data Breach Covered Entities

First HIPAA Settlement Involving a Wireless Health Services Provider

by Saul Ewing LLP on

?On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more

It’s Just Plain Risky Not to Do A Risk Analysis: Recent OCR Settlement One of Several Resulting from Failure to Analyze and...

by Williams Mullen on

On April 12, 2017, the Office for Civil Rights (“OCR”) announced a settlement and corrective action plan with a Colorado federally-qualified health center, Metro Community Provider Network (“MCPN”), after a 2012 breach of...more

Healthcare Advisory: HHS Announces First Settlement with a Wireless Health Services Provider

by Sherman & Howard L.L.C. on

On April 24, 2017, the Department of Health and Human Services, Office of Civil Rights (“OCR”), announced its first settlement with a wireless health services provider, CardioNet, Inc., for alleged violations of the Health...more

Failure to Implement Business Associate Agreement Results in $31,000 Settlement For Health Care Provider

by Saul Ewing LLP on

On April 20, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that Children’s Digestive Health (CDH) agreed to pay HHS $31,000 for its failure to have a business associate...more

N.Y.’s New Cybersecurity Regulations: What Financial Services Companies Need to Know

With corporate data security breaches on the rise, the New York State Department of Financial Services (NYDFS) has adopted rules requiring financial institutions to take certain measures to safeguard their data and inform...more

Recent HIPAA Privacy and Security Settlements and Lessons Learned

by Perkins Coie on

Although the fate of the Affordable Care Act remains undecided, enforcement of the HIPAA privacy and security regulations by the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services is ongoing,...more

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

by Davis Wright Tremaine LLP on

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

Lessons Learned from Recent OCR Settlements

by Ruder Ware on

We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more

Mark Your Calendars: NY Cybersecurity Regulations to Go into Effect

by Pepper Hamilton LLP on

A covered entity will need to arrange for someone to perform the CISO function, dedicate resources to conduct periodic risk assessments, develop and implement policies and procedures, and retain appropriate personnel and...more

Recent HIPAA Enforcement Actions

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity’s untimely breach notification in violation of HIPAA. Presence Health,...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

by Arnall Golden Gregory LLP on

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

Time Waits for No One: OCR Announces First HIPAA Settlement for Lack of Timely Breach Notification

by Davis Wright Tremaine LLP on

On Jan. 9, 2017, the Department of Health and Human Services Office for Civil Rights (“OCR”) announced the first HIPAA enforcement action for failure to timely report a breach. Often investigating and making formal...more

Time is of the Essence When Reporting a Breach of PHI

The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month,...more

New York Department of Financial Services Revises Cybersecurity Proposal: Greater Flexibility and Delayed Compliance Deadlines

As we previously reported, in December 2016 the New York Department of Financial Services (the “DFS”) announced that it was revising its proposed regulation that would require banks, insurance companies and other financial...more

Looking Back at the HIPAA Resolution Agreements in 2016

by BakerHostetler on

In 2016, Health and Human Services’ (HHS) Office for Civil Rights (OCR), the enforcement arm for HIPAA, continued robust enforcement efforts. There were 12 reported resolution agreements (RA) in 2016. An RA is a settlement...more

AGG Food and Drug Newsletter - December 2016

by Arnall Golden Gregory LLP on

Arnall Golden Gregory LLP's Food and Drug Newsletter is a monthly update of legal and regulatory issues that affect the FDA-regulated community, including regular updates on legislative initiatives from AGG’s Washington, DC...more

HHS OCR Levies Significant HIPAA Penalties in a Series of Recent Settlements: Covered Entities and Business Associates Alike...

by Arnall Golden Gregory LLP on

Between June and November 2016, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has announced seven high-dollar settlements to resolve alleged violations of the HIPAA privacy, security, and breach...more

OCR Issues Alerts Regarding Phishing Email Disguised as Official OCR Audit Communication

by BakerHostetler on

The HHS Office for Civil Rights (OCR) published an alert on November 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR Director Jocelyn Samuels. The email prompts...more

UMass Amherst Settles HIPAA Violations with OCR for $650,000

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

HHS Issues Warning About Phishing Campaign Disguised As Official Communication

by Dentons on

As part of its efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) engages in audits of covered...more

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

OCR Stresses Importance of Authentication in Newsletter

In a recent newsletter, the Office for Civil Rights (OCR) encourages health care organizations to review their procedures around authentication and “ensure that they have the appropriate safeguards in place.”...more

Recent HIPAA Settlements Highlight Importance Of Business Associate Agreements

by Fisher Phillips on

Two related healthcare companies were forced to pay settlements with the federal government totaling over $500,000 over allegations relating to a data breach involving patient health information. Much of the negative...more

153 Results
|
View per page
Page: of 7
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
Feedback? Tell us what you think of the new jdsupra.com!