Office of Civil Rights

News & Analysis as of

$5.5 Million HIPAA Settlement Underscores Importance of Audit Controls

On February 16, 2017, the HHS Office for Civil Rights (OCR) disclosed a $5.5 million settlement with Memorial Healthcare Systems (MHS) for HIPAA violations affecting the protected health information (PHI) of 115,143...more

$5.5 Million HIPAA Settlement Matches Largest Payment To-Date

On February 16, 2017, the U.S. Department for Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that Memorial Healthcare Systems of Florida (“MHS”) agreed to pay $5.5 million and enter into a...more

Want to Know Why Memorial Healthcare Systems Is Paying HHS OCR $5.5 Million?

On February 16, 2017, HHS OCR announced that Memorial Healthcare Systems (MHS) had paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of HIPAA’s Privacy and Security Rules...more

Health Care E-Note - Februaury 2017

Ransomware: A Reportable Breach? In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical...more

Technical Noncompliance with HIPAA Can Lead to Big Penalties

As discussed in prior client alerts, the Office of Civil Rights (OCR), the agency charged with HIPAA enforcement, has increased HIPAA compliance initiatives in recent months and is poised to continue its enforcement...more

To Settle or Not to Settle – That Is the Question Raised by Recent HIPAA CMPs

On February 1, 2017, the Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that the Children’s Medical Center of Dallas (“Children’s”) has paid a civil monetary penalty (“CMP”) of $3.2 million...more

Title IX Implications for Higher Education Institutions Over Peer Gender-Based Harassment

Many higher education institutions are well-versed in Title IX compliance and litigation issues as they relate to gender discrimination claims on account of university conduct, or claims arising out of sexual assaults on...more

TortSource: Ransomware: A Reportable Breach?

In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more

HIPAA Enforcement Update (October 2016 – January 2017)

Since October 2016, the Department of Health and Human Services, Office for Civil Rights (OCR) announced four settlement agreements to resolve allegations of Health Insurance Portability and Accountability Act (HIPAA)...more

HIPAA Small Breach Notification Due March 1: “In Like a Lion, Out Like a Lamb” if You Submit Timely

March 1, 2017 is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health information that were...more

Hospital pays $3.2M Resulting from HIPAA Security Rule Noncompliance

In one of the last health care related acts of President Obama’s administration, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), imposed a multimillion-dollar HIPAA civil money penalty (CMP)...more

Lack of Timely Action and Knowledge of Risk Results in $3.2 Million Civil Monetary Penalty for HIPAA Violations

Children’s Medical Center of Dallas (Children’s) was hit with a $3.2 million civil penalty from the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) for failing to take steps to properly protect...more

Title IX Update: February 2017 - Recent Title IX Developments

Elmira College – December 2016 OCR recently released a Resolution Letter and Resolution Agreement in relation to a complaint filed with OCR against Elmira College. While noting in its Press Release that “Elmira College...more

Children’s Medical Center of Dallas Clobbered by OCR

In a rare move by the OCR, it assessed a $3.2 million fine against Children’s Medical Center of Dallas (Children’s) after it issued a Notice of Proposed Determination against Children’s and Children’s failed to request a...more

"Privacy & Cybersecurity Update - January 2017"

In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more

HHS Reaches $2.2 Million Settlement With Life Insurance Company For Impermissible Disclosure Of ePHI

On January 18, the U.S. Department of Health and Human Services, Office for Civil Rights (“HHS OCR”) announced that it had agreed to a $2.2 million settlement with MAPFRE Life Assurance Company of Puerto Rico (“MAPFRE Life”),...more

Key HIPAA Settlement Agreements by HHS’s Office for Civil Rights in 2015 & 2016

The last time this blog presented an overview of key HIPAA settlement agreements at the Office for Civil Rights in the U.S. Department of Health and Human Services was a review of 2014. The number of complaints that year had...more

Privacy and Data Security: 2017 Year in Preview

Few issues keep executives awake at night more than Privacy and Data Security. New regulations and threats alike are plentiful, varied, and evolving. The rate of change for cybersecurity and information governance continues...more

Heighten Importance for March 1, 2017 HIPAA Small Breach Reporting Deadline

With OCR’s recent announcement of its first enforcement action for lack of timely breach notification and its increased focus on small breaches, the upcoming annual reporting deadline for small breaches takes on increased...more

OCR settles with MAPFRE for $2.2 Million

MAPFRE Life Assurance Company of Puerto Rico learned the hard way about the risk of loss of patient information with portable devices like USBs, even when they are stored in the IT Department....more

What Did They Say About Cybersecurity in 2016? 8 Proclamations from Regulators and the Courts

There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more

Lessons Learned from Recent OCR Settlements

We can learn some valuable lessons about compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) from settlements that are announced by the U.S. Department of Health and Human Services, Office...more

2016 – Health Law Year in Review

We are pleased to present our annual review of developments in the field of health law. The year was marked by key changes in False Claims Act jurisprudence and Medicare payment policy. 2016 also brought with it focused...more

Recent HIPAA Enforcement Actions

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced the first ever settlement related to a Covered Entity’s untimely breach notification in violation of HIPAA. Presence Health,...more

Tracking the Data Bandits

In the iconic western, Butch Cassidy and the Sundance Kid, Butch and Sundance are hard pressed to evade a posse led by the semi-mythical lawman, Joe Lefors, who is so adept that he manages to track them across solid rock. The...more

828 Results
|
View per page
Page: of 34
Popular Topics

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×