On November 19, 2020, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced it had settled its 12th enforcement action in its HIPAA Right of Access Initiative (the...more
On March 3, 2020, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced a $100,000 settlement and corrective action plan with Steven A. Porter, M.D. to resolve potential...more
3/9/2020
/ Business Associates ,
Covered Entities ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
PHI ,
Settlement
On November 7, 2019, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) imposed a $1.6 million civil money penalty (CMP) against the Texas Health and Human Services Commission (TX...more
Health care providers are heavily reliant on technology in providing clinical services. The findings from a recent research study highlight the significant threat of cyber risks in health care that is in addition to the...more
The U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR") announced earlier this month that an HHS administrative law judge ("ALJ") ruled in favor of the OCR on summary judgment and required MD...more
On December 28, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that 21st Century Oncology, Inc. (21CO) agreed to pay $2.3 Million in lieu of potential civil money...more
In early June 2017, the U.S. Department of Health and Human Services (HHS) Health Care Industry Cybersecurity (HCIC) Task Force released a “Report on Improving Cybersecurity in the Health Care Industry” (the Report). The...more
In one of the last health care related acts of President Obama’s administration, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), imposed a multimillion-dollar HIPAA civil money penalty (CMP)...more
On November 22, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that University of Massachusetts Amherst (UMA) agreed to settle allegations relating to the HIPAA Privacy...more
The U.S. Department of Health and Human Services, Office of Civil Rights (OCR), has announced a settlement with Lahey Hospital and Medical Center (Lahey) that arose out of a HIPAA breach involving a stolen laptop. The...more
St. Elizabeth’s Medical Center (SEMC), a tertiary care hospital based in Brighton, Mass., agreed to pay $218,400 to address deficiencies in its HIPAA compliance activities. The SEMC settlement continues a pattern of...more
One day after Christmas, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that a Massachusetts-based dermatology practice (Practice) agreed to a $150,000 payment and entered into a...more
On July 8, 2013, WellPoint, Inc., a managed care company (“WellPoint”), agreed to pay a $1.7 million fine to settle a self-reported breach of HIPAA, a key federal health privacy law, that led to the unauthorized disclosure of...more
The OIG recently posted an Advisory Opinion which concluded that a hospital's proposal to provide free access to an electronic interface between the hospital and area physicians for laboratory and diagnostic services was not...more