On March 26, 2024, the HHS Office of Inspector General (OIG) released a cybersecurity toolkit for HHS leaders to help them plan and deploy information systems in response to disasters and public health emergencies. The...more
Change Healthcare Cyberattack -
On February 21, 2024, Change Healthcare—a healthcare technology company owned by UnitedHealth Group—issued a statement that it had been impacted by a ransomware attack. According to Change...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more
The Notifications of Enforcement Discretion issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act during the...more
5/15/2023
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HITECH Act ,
New Guidance ,
OCR ,
PHI ,
Public Health Emergency ,
Telehealth ,
Telemedicine
Like many regulatory standards, enforcement of HIPAA was relaxed as part of the COVID-19 pandemic response. With the end of the public health emergency declaration on May 11, 2023, the broad relaxed HIPAA enforcement also...more
On January 11, 2023, the Department of Health and Human Services extended the COVID-19 public health emergency through at least April 11, 2023. This is the twelfth extension of the PHE since January 2020. HHS last renewed the...more
On December 1, 2022, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services issued a bulletin to highlight the obligations of Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
As more and more of us return to the office, it’s a good time to revisit the passwords you use. It is therefore timely that the U.S. Department of Health and Human Services, Health Sector Cybersecurity Coordination Center...more
On Monday, April 18, 2022, Judge Kathryn Kimball Mizelle of the Middle District of Florida issued a 59-page order striking down the CDC’s national mask mandate on airplanes and mass transit, which was based on a regulation...more
April 14, 2022 On April 12, 2022, Secretary Becerra of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, effective April 16, 2022, until July 15, 2022...more
On February 4, 2022, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted FAQs designed to make clear that civil rights protections remain in full force and effect during disasters or...more
On January 14, 2022, Secretary Becerra of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, until April 16, 2022. Without this extension, the declaration would have...more
On September 30, 2021, the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR)issued guidance to help the public understand when the Health Insurance Portability and Accountability Act of 1996...more
10/4/2021
/ Americans with Disabilities Act (ADA) ,
Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Mine Safety and Health Administration (MSHA) ,
New Guidance ,
OCR ,
OSHA ,
PHI ,
Privacy Rule ,
Vaccinations ,
Workplace Safety
On January 7, 2021, Secretary Azar of the U.S. Department of Health and Human Services extended the existing public health emergency for 90 days, until April 21, 2021. Without this extension, the declaration would have...more
Nearly 20 years to the day after the first HIPAA privacy regulations were announced, HHS has posted proposed revisions to HIPAA, evidence that even after twenty years, HIPAA privacy remains a work in progress. These proposed...more
On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services...more
On March 24, 2020, the Office for Civil Rights (OCR) at the Department of Health and Human Services issued guidance on how HIPAA covered entities may disclose protected health information (PHI) about an individual who has...more
The coronavirus and Covid-19 are impacting everything and everyone, and certainly health information privacy. Here is a useful summary of health information issues to be mindful of from HHS OCR on HIPAA privacy and the...more
For the first time in over a decade, the U.S. Department of Education (DoE) and the Office for Civil Rights at the U.S. Department of Health and Human Services (OCR) have released updated joint guidance addressing the...more
12/23/2019
/ Colleges ,
Consent ,
Department of Education ,
Department of Health and Human Services (HHS) ,
Educational Institutions ,
FERPA ,
Health Care Providers ,
HIPAA Privacy Rule ,
New Guidance ,
OCR ,
PHI ,
Student Privacy ,
Student Records ,
Students ,
Universities ,
Written Consent
In a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties issued on April 23, 2019, the Department of Health and Human Services (HHS) exercised “its discretion in how it applies HHS regulations...more
The concept that one is known by the company one keeps dates back to ancient times (the particular phrase is attributed to both Aesop and the Book of Proverbs). But this simple aphorism continues to be true. A recent example...more
Allergy Associates of Hartford, P.C. (“Allergy Associates”), has agreed to pay $125,000 to the Office for Civil Rights (“OCR“) at the U.S. Department of Health and Human Services (“HHS”) and to adopt a corrective action plan...more
Following President Trump’s declaration of a nationwide public health emergency regarding the opioid crisis, the HHS Office for Civil Rights has released new guidance on when and how health care providers can share a...more
On February 16, 2017, HHS OCR announced that Memorial Healthcare Systems (MHS) had paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of HIPAA’s Privacy and Security Rules...more
2/20/2017
/ Conflict Resolution ,
Corrective Actions ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Identity Theft ,
OCR ,
Personal Data ,
Personally Identifiable Information ,
Security Rule
More information from HHS OCR about the phishing threat...
..On November 28, 2016, the HHS Office for Civil Rights issued a listserv announcement warning covered entities and their business associates about a phishing...more