On March 18, 2024, the US Department of Health and Human Services Office for Civil Rights (OCR) issued an update to its December 1, 2022, bulletin titled “Use of Online Tracking Technologies by HIPAA Covered Entities and...more
3/22/2024
/ Business Associates ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Enforcement Priorities ,
Guidance Update ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Tracking Systems ,
Web Tracking ,
Websites
On April 26, 2019, the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties (the Notice) to inform the public...more
5/10/2019
/ Civil Monetary Penalty ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Eighth Amendment ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HITECH Act ,
OCR ,
Regulatory Agenda ,
Settlement Negotiations
Lack of a sufficient risk analysis continues to be one of the most commonly alleged violations in Office for Civil Rights (OCR) HIPAA enforcement actions, appearing in half of all OCR settlements announced in the last 12...more
The US Department of Health and Human Services Office for Civil Rights recently posted guidance clarifying that a business associate such as an information technology vendor generally may not block or terminate access by a...more
10/27/2016
/ Anti-Kickback Statute ,
Business Associates ,
Corporate Counsel ,
Covered Entities ,
Data Blocking ,
Department of Health and Human Services (HHS) ,
EHR ,
Health Information Technologies ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
OIG ,
PHI ,
Privacy Rule ,
Vendors
Health Insurance Portability and Accountability Act of 1996 (HIPAA) covered entities have reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently sent pre-audit screening surveys...more
5/18/2015
/ Audits ,
Breach Notification Rule ,
Business Associates ,
Covered Entities ,
De-Identified Protected Health Information ,
Electronic Medical Records ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Medical Records ,
OCR ,
PHI
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently transmitted HIPAA pre-audit screening surveys to covered entities that may be selected for a second phase of HIPAA compliance audits...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) will soon begin a second phase of audits (Phase 2 Audits) of compliance with Health Insurance Portability and Accountability Act of 1996 (HIPAA)...more
7/30/2014
/ Audits ,
Best Management Practices ,
Business Associates ,
Chief Compliance Officers ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Hospitals ,
PHI ,
Popular
On January 25, 2013, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a final rule (Final Rule) containing modifications to the privacy standards (Privacy Rule), security...more
2/21/2013
/ Business Associates ,
Covered Entities ,
Data Breach ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement ,
GINA ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HITECH Act ,
Notice Requirements ,
OCR ,
PHI ,
Privacy Rule