Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...more
3/12/2024
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Employees ,
Enforcement Actions ,
Health Care Providers ,
Healthcare ,
HIPAA Security Rule ,
HIPAA Violations ,
Hospitals ,
Internal Investigations ,
Popular ,
Risk Assessment ,
Settlement
If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more
1/17/2024
/ Amended Rules ,
Corrective Action Plans (CAPs) ,
Cybersecurity ,
Department of Health and Human Services (HHS) ,
Employee Training ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Breach ,
HIPAA Security Rule ,
HIPAA Violations ,
OCR ,
PHI ,
Policies and Procedures ,
Proposed Regulation ,
Regulatory Reform ,
Right-To-Access ,
Security Risk Assessments ,
Settlement
Start with a records request. Add a seven months’ wait. Stir in the chaos of the pandemic, with most employees working from home. Blend in a perhaps-neglected post office box. Bake for two-and-a-half years....more
Report on Patient Privacy Volume 23, no 7 (July 2023)
In two public talks this spring, Melanie Fontes Rainer, director of the HHS Office for Civil Rights (OCR), said completing the 2021 proposed regulation extensively...more
7/17/2023
/ Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
Healthcare Reform ,
HIPAA Privacy Rule ,
HIPAA Violations ,
Information Blocking Rules ,
Information Technology ,
Investigations ,
OCR ,
Penalties ,
Proposed Regulation ,
Regulatory Requirements
Do you know what research misconduct is, and would you report it if you suspected it?
These deceptively simple questions reflect two pillars of research integrity: recognizing fabrication, falsification and plagiarism...more
Report on Patient Privacy Volume 22, Number 11. (November 2022)
Nearly five years passed from the time the University of Texas MD Anderson Cancer Center reported to the HHS Office for Civil Rights (OCR) that three...more
11/14/2022
/ Administrative Law Judge (ALJ) ,
Civil Monetary Penalty ,
Data Breach ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare ,
HIPAA Violations ,
HITECH Act ,
OCR ,
Patient Privacy Rights ,
PHI ,
Statutory Penalties
Report on Patient Privacy 22, no. 10 (October, 2022) -
How about free?
Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with...more
10/10/2022
/ Corrective Action Plans (CAPs) ,
Covered Entities ,
Dentists ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Excessive Fees ,
Health Care Providers ,
HIPAA Violations ,
Medical Records ,
OCR ,
PHI ,
Settlement Agreements
Report on Patient Privacy 22, no. 5 (May, 2022) -
Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
5/6/2022
/ Business Associates ,
Civil Monetary Penalty ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Fines ,
Funding ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
HITECH Act ,
Injunctive Relief ,
OCR ,
PHI ,
Popular ,
Privacy Laws
Report on Patient Privacy 22, no. 4 (April, 2022) -
By many measures, David Northcutt’s unsuccessful 2018 bid for the Alabama senate was a costly one. Northcutt, a dentist, loaned his campaign $73,000 throughout the...more
4/8/2022
/ Breach Notification Rule ,
Business Associates ,
Corrective Action Plans (CAPs) ,
Covered Entities ,
Dentists ,
Email ,
Enforcement Actions ,
HIPAA Privacy Rule ,
HIPAA Violations ,
OCR ,
Online Reviews ,
PHI ,
Policies and Procedures ,
Political Campaigns ,
Privacy Rule ,
Security Rule
Report on Research Compliance 19, no. 2 (January 27, 2022) -
The trial was to be like any other that the clinical research organization (CRO) would oversee. The six-month study, known as VESTRI, would involve pediatric...more
1/28/2022
/ Clinical Trials ,
Criminal Prosecution ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Food and Drug Administration (FDA) ,
Guilty Pleas ,
Health Care Providers ,
Healthcare Fraud ,
Informed Consent ,
Money Laundering ,
Pediatrics ,
Physicians
Report on Research Compliance 18, no. 12 (December, 2021) -
Washington State University’s (WSU) recent settlement with the HHS Office of Inspector General (OIG) for more than $800,000 followed a university-wide audit that...more
12/2/2021
/ Civil Monetary Penalty ,
Department of Health and Human Services (HHS) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
False Claims Act (FCA) ,
Fraud ,
Grants ,
OIG ,
Restitution ,
Salary Caps ,
Settlement Agreements ,
Universities
Report on Patient Privacy 21, no. 5 (May 2021) -
Given the hundreds of thousands of HIPAA covered entities (CEs) and business associates (BAs) and the two dozen or so enforcement actions the HHS Office for Civil Rights...more
5/7/2021
/ Business Associates ,
Cooperation ,
Covered Entities ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Failure to Notify ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Investigations ,
OCR ,
PHI ,
Popular
Report on Patient Privacy 20, no. 12 (December 10, 2020) -
Transparency and contrition are two qualities that HIPAA officials at covered entities (CEs) and business associates (BAs) might want to think about expressing...more
Report on Patient Privacy 20, no. 12 (December 10, 2020) -
In late September, Anthem Inc. entered into a $39.5 million settlement for a 2014 data breach that affected nearly 79 million individuals. About a week later,...more
12/18/2020
/ Cybersecurity ,
Data Breach ,
Data Privacy ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Hackers ,
Health Care Providers ,
Health Insurance ,
HIPAA Breach ,
Medical Records ,
PHI ,
Settlement ,
State Attorneys General
Report on Research Compliance 17, no. 4 (April 2020)
The Food and Drug Administration has accused a University of Michigan physician and professor of conducting research for more than three years after his approval from the...more
4/1/2020
/ Audits ,
Clinical Trials ,
Compliance ,
Conflicts of Interest ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Federal Grants ,
HHS Office of Research Integrity (ORI) ,
Medical Research ,
NASA ,
National Institute of Health (NIH) ,
Office for Human Research Protections (OHRP) ,
Professors ,
Reporting Requirements ,
Sexual Harassment ,
Warning Letters ,
Wrongful Termination
Report on Patient Privacy 20, no. 3 (March 2020) -
A gastroenterologist in Utah who felt he was being held captive by an electronic health record (EHR) vendor found his 2013 complaint to the HHS Office for Civil Rights...more
Report on Research Compliance 17, no. 3 (February 20, 2020) -
Despite its earlier agreement to repay just $5,442 in costs questioned by the National Science Foundation (NSF) Office of Inspector General, the University of...more
2/24/2020
/ Acting Directors ,
Actual Costs ,
Allowable Expenses ,
Arrest ,
Audits ,
China ,
Compliance ,
Criminal Investigations ,
Department of Defense (DOD) ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Espionage ,
False Claims Act (FCA) ,
False Statements ,
FBI ,
Federal Contractors ,
Federal Funding ,
Federal Grants ,
Fraud ,
Harvard University ,
Medical Research ,
Medical School ,
National Institute of Health (NIH) ,
National Science Board (NSB) ,
National Science Foundation ,
OSTP ,
Policies and Procedures ,
Presidential Nominations ,
Reimbursements ,
Scientific Research ,
Smuggling ,
Theft ,
Universities ,
Visa Fraud
Report on Research Compliance 17, no. 2 (January 23, 2020) -
- More than two years after Ozgur Tataroglu’s paper was retracted, the HHS Office of Research Integrity found that it and two grant applications contained...more
1/29/2020
/ Audits ,
Compliance ,
Cross-Border ,
Embezzlement ,
Enforcement Actions ,
False Reporting ,
Federal Grants ,
Global Code of Ethics ,
Global Health Issues ,
HHS Office of Research Integrity (ORI) ,
Integrity Policies ,
Life Sciences ,
Medical Research ,
Medical School ,
National Science Foundation ,
OIG ,
Professors ,
Research Funding ,
Research Papers ,
Retracted Documents ,
Scientific Research ,
State Universities ,
Supervision ,
Suspensions & Debarments
Report on Patient Privacy 20, no. 1 (January 2020) -
In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more
1/13/2020
/ Ambulance Providers ,
Business Associates ,
Compliance ,
Corrective Action Plans (CAPs) ,
Corrective Actions ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
Encryption ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach ,
HIPAA Security Rule ,
OCR ,
PHI ,
Security Risk Assessments ,
Settlement
Report on Patient Privacy 19, no. 12 (December 2019) -
Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more
12/5/2019
/ Billing ,
Billing Errors ,
Business Associates ,
Business Associates Agreement (BAA) ,
Civil Monetary Penalty ,
Compliance ,
Corrective Actions ,
Data Breach ,
Department of Health and Human Services (HHS) ,
Enforcement Actions ,
Health Care Violations ,
HIPAA Breach ,
Hospitals ,
Inadvertent Disclosure ,
Medical Records ,
OCR ,
Patient Privacy Rights ,
PHI ,
Reporting Requirements ,
Settlement