HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
On July 19, Change Healthcare Ince. filed a breach report with HHS Office for Civil Rights (OCR) concerning its mammoth ransomware attack and breach. The organization’s breach report to OCR identifies just 500 individuals as...more
Earlier this week, the Biden-Harris Administration, through the Office for Civil Rights (OCR) announced a Final Rule aimed at protecting protected health information (PHI) related to lawfully provided reproductive health care...more
On February 8, 2024, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) jointly issued a final rule to amend the...more
On February 8, 2024, the U.S. Department of Health & Human Services, through the Substance Abuse and Mental Health Services Administration and the Office for Civil Rights (collectively, HHS), issued a Final Rule that amends...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) released its anticipated Final Rule last week. The Final Rule revises...more
After more than a year since the U.S. Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) and Substance Abuse and Mental Health Services Administration (SAMHSA) issued the proposed changes to the...more
The U.S. Department of Health & Human Services (HHS), through the Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office for Civil Rights (OCR), has announced a final rule (the Rule) updating the...more
On February 8, 2024, the federal Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR Part 2 (Part 2) were revised in part to increase patient protection and streamline patient consent...more
The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the...more
On June 30, 2023, Mount Desert Island Hospital (“MDIH”) filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after discovering that an unauthorized party had gained...more
“The guidance reminds the public that the HIPAA Privacy Rule does not apply to employers or employment records.” On September 30, 2021, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights...more
2020 AG Elections- Ten AG elections were held on November 3, 2020. As of this writing, six incumbent AGs won their elections, and Republicans held the open-seats in Indiana and Montana. In the two undecided races, Democratic...more
Under the HIPAA Privacy Rule, individuals have a right to timely access their medical records at a reasonable cost. With some exceptions, a health care provider must provide those records without reasonable delay and within...more
As an Office for Civil Rights (OCR) investigator, I was surprised by the number of times I saw the same issues again and again in Title IX sexual misconduct investigations. Nowhere was this more evident than with...more
The HHS Office for Civil Rights (OCR) issued an Important Notice Regarding Individuals’ Right of Access to Health Records through its email list serve on January 29, 2020. In the Notice, OCR addressed the recent memorandum...more
Google Health’s Partnerships Raise Privacy Concerns - Recently, Google has been at the center of privacy concerns due to its health- sharing collaborations with the University of Chicago Medical Center (the Medical Center)...more
A Florida staffing agency which provides physicians to hospitals and nursing homes, has agreed to a $500,000 settlement with the U.S. Department of Health and Human Services, Office for Civil Rights. The settlement comes...more
On June 18, 2018, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an HHS Administrative Law Judge (“ALJ”) granted summary judgment to OCR in an enforcement action...more
In the second episode of our series on the national opioid crisis, Gina Bertolini discusses the overlay of recent guidance concerning privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA) and...more
In a long-anticipated move, the United States Department of Education Office for Civil Rights withdrew the Obama Administration’s 2011 Dear Colleague Letter on Sexual Violence this morning, as well as its Questions and...more
The injuries suffered by a professional football player brought the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations ("HIPAA") onto center stage of the media during the days...more
In OCR’s April 2011 Dear Colleague Letter, OCR referenced a covered institution’s obligations in the face of knowledge of sexual harassment/misconduct and a victim’s request for confidentiality and/or that the institution not...more
Accretive Health recently agreed to settle a Federal Trade Commission (FTC) complaint that stems from a July, 2011 incident in which an Accretive employee’s laptop was stolen from his car. As a medical billing and revenue...more
A recent Health Insurance Portability and Accountability Act ("HIPAA") settlement, which is notable as the first HIPAA settlement with a covered entity for failure to have policies and procedures in place to comply with...more
On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more