HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
Based on the results of the Office for Civil Rights (OCR) Health Insurance Portability and Accountability Act of 1996 (HIPAA) Phase 2 desk audits for covered entities, small and mid-sized providers (Smaller Providers) are on...more
Few issues keep executives awake at night more than Privacy and Data Security. New regulations and threats alike are plentiful, varied, and evolving. The rate of change for cybersecurity and information governance continues...more
Editor’s Note: This is the third in a continuing end-of-year series. The year ahead promises to be a busy one for those with responsibility for HIPAA compliance, as the Office of Civil Rights (OCR), charged with...more
The use of cloud service providers has exploded in the past several years. According to estimates from Gartner, the market for cloud services is expected to reach $204 billion in 2016. But the use of cloud service providers...more
Cloud service providers that process electronic protected health information (ePHI) are business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), even if the PHI is encrypted and the...more
The advent of cloud computing has raised questions about how companies subject to HIPAA can take advantage of the technology while still complying with their privacy and security obligations under federal law. In response,...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more
The Health and Human Services Office for Civil Rights (OCR) recently issued guidance regarding the importance of covered entities and cloud service vendors maintaining business associate agreements (BAAs) where electronic...more
The Department of Health and Human Services’ Office of Civil Rights (OCR) has issued guidelines for HIPAA-covered entities that utilize cloud computing in processing electronic protected health information (ePHI). The...more
On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (“OCR”) issued guidance on complying with HIPAA privacy, security, and breach notification rules when using cloud computing technology...more
On October 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) published guidance to assist cloud service providers (CSPs) and their customers with HIPAA compliance. As discussed below,...more
On October 7, 2016, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”), released a guidance document (the “Guidance”) on the HIPAA-compliant use of cloud computing technologies. The...more
The Department of Health and Human Services Office for Civil Rights (OCR) issued long-anticipated guidance to help covered entities and their business associates — including cloud service providers (CSPs) — comply with the...more
On October 6, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) released HIPAA guidance on cloud computing (Guidance). The Guidance is intended to help covered entities and business associates...more
Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected...more
Earlier this month, privacy and security professionals from around the globe gathered for “Privacy. Security. Risk. 2015”—the second joint conference between the International Association of Privacy Professionals and the...more
A lot has changed since the HIPAA Privacy Rule was finalized in 2002 and the HIPAA Security Rule was finalized a year later in 2003. The iPhone had not been released (that happened in 2007), Apple had just released the...more
Officials at the U.S. Department of Health and Human Services Office of Civil Rights (HHS OCR) have recently selected a vendor to conduct the second wave of HIPAA audits. These so-called "Phase 2 Audits" are set to commence...more
Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response. The US Department of Health and Human Services (HHS) Office for...more
On July 10, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with St. Elizabeth’s Medical Center (SEMC). Under the terms of the settlement, the hospital...more
In This Issue: - A Baker's Dozen of Significant Changes From the HIPAA/HITECH Rule 1. Business Associates and Subcontractors 2. Breach Notification 3. Covered Entity Organizational Structures 4. Cloud...more
As we have reported in this blog, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released final regulations containing modifications to the HIPAA Privacy, Security, Enforcement, and...more