News & Analysis as of

Data Protection Office of Civil Rights

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

by Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

New HHS Cybersecurity Preparedness Checklist

by Carlton Fields on

The Department of Health and Human Services’ Office of Civil Rights (OCR) recently published a checklist to guide HIPAA-covered entities and business associates through an appropriate response to a ransomware or cybersecurity...more

OCR Issues Checklist for Responding to Cyber-Attack

The Office for Civil Rights (OCR) recently released guidance entitled “My Entity Just Experienced a Cyber-attack! What Do We Do Now?” The Checklist is a practical tool for health care entities and outlines several steps to...more

OCR Publishes Checklist and Infographic for Cyber Attack Response

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

HHS OCR Resumes HIPAA Enforcement Action Announcements: Four New Settlements and Penalties Totaling More than $5 million in a One...

by Arnall Golden Gregory LLP on

After a pause of nearly two months, the Department of Health and Human Services Office of Civil Rights (HHS OCR) has resumed its announcement of settlements for alleged HIPAA violations, with four new settlement agreements...more

A Draft Won’t Do: OCR Settles with CardioNet $2.5m for Failing to Finalize Policies and Procedures

On April 24, 2017, the Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced that CardioNet, a provider of remote mobile monitoring and rapid response services to patients at risk for cardiac...more

First HIPAA Settlement Involving a Wireless Health Services Provider

by Saul Ewing LLP on

?On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more

OCR Urges Covered Entities and Business Associates to Use HTTPS

New guidance from the Office for Civil Rights (OCR) urges covered entities and business associates to use Secure Hypertext Transport Protocol (HTTPS) to protect communications from vulnerabilities. According to OCR, the...more

Lessons Gleaned From Recent HIPAA Settlements: An Ounce of Prevention is Worth a Pound of Cure: How Recent OCR Enforcement...

by McGuireWoods LLP on

HIPAA enforcement has been on the rise during the last several years, and the dollar impact of those settlements has continued to grow significantly. The Department of Health and Human Services, Office of Civil Rights (OCR)...more

Report Lists Health Care Data Breaches by State

A new report issued by Safetica USA has organized data breaches affecting over 500 individuals that were self-reported to the Office for Civil Rights (OCR) in 2016 into a list by state and records exposed....more

HIPAA Enforcement Update (October 2016 – January 2017)

by Locke Lord LLP on

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

by LeClairRyan on

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

HIPAA Breach? Notify Promptly or Face Significant Potential Fines from HHS OCR

by Arnall Golden Gregory LLP on

On January 9, 2017, the Department of Health and Human Services Office of Civil Rights (HHS OCR), which enforces the privacy requirements contained in Health Insurance Portability and Accountability Act (HIPAA), announced a...more

Breach of Privacy Prompts Breach of Etiquette: DHHS Sets New Precedent in Privacy Breach Enforcement

by Faegre Baker Daniels on

On January 9, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) took action against a health system for non-timely reporting of a breach of protected health information. It was the first...more

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

by Davis Wright Tremaine LLP on

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just...more

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

by BakerHostetler on

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Nov. 28 describing a phishing email being circulated on mock HHS departmental letterhead under the signature of OCR...more

HHS OCR Alert: Phishing Email Disguised as Official OCR Audit Communication

This alert just in from HHS OCR: “It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to...more

OCR Warns of Phishing Campaign Disguised as Official OCR Communication

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published an alert on Monday describing a phishing campaign disguised as an email from OCR. The email is being circulated on mock HHS...more

Cloud Service Providers Beware, You May Be Subject to HIPAA Without Knowing It

by BakerHostetler on

The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more

HHS Designates Cloud Service Providers as Business Associates Under HIPAA

by Ballard Spahr LLP on

Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more

Confusing Joint Guidance published by OCR and FTC on HIPAA Authorization Forms

There are arguments that there is a dearth of guidance by both the Office for Civil Rights (OCR) and Federal Trade Commission (FTC), so when guidance comes out, we listen. But the most recent guidance jointly issued by the...more

HHS Publishes New Guidance on HIPAA and Cloud Computing

by Stinson Leonard Street on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

OCR Releases HIPAA Guidance on Cloud Computing

On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more

GAO Study Slams HHS For Lack of Guidance to Covered Entities

We watch closely for any guidance to HIPAA covered entities and business associates from the Department of Health and Human Services Office for Civil Rights (HHS/OCR). Why? Because there is so little of it. Lately, the only...more

Small-Breach Focus Shows Growing Scope Of HIPAA Probes

by Ropes & Gray LLP on

Flexing yet more enforcement muscle under the Health Insurance Portability and Accountability Act, on Aug. 18, 2016, the U.S. Department of Health and Human Services Office for Civil Rights announced that it will more widely...more

142 Results
|
View per page
Page: of 6
Cybersecurity

"My best business intelligence,
in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.