On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more
On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The...more
On Oct. 31, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced it had settled with Doctors’ Management Services Inc. (DMS) over a self-reported ransomware attack that occurred in...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
A recent settlement entered into by the nation’s largest publicly operated health plan serves as a stark warning to all entities and business associates subject to the Health Insurance Portability and Accountability Act:...more
On May 16, 2023, the U.S. Department of Health and Human Services (DHHS) through the Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Portability and Accountability Act...more
On February 2, 2023, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reached a settlement with Banner Health Affiliated Covered Entities (“Banner Health”) for a 2016 data breach that...more
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged...more
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a Resolution Agreement (“Agreement”) with Banner Health on behalf of Banner Health Affiliated Covered Entities (“Banner”) to remedy...more
Report on Patient Privacy 22, no. 9 (September, 2022) - When recommending best practices, federal privacy and security officials stress that organizations need to follow their protected health information (PHI) wherever...more
On August 23, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Massachusetts-based New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (NEDLC), agreed to...more
Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
On May 25, 2021, HHS announced that Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), agreed to a $25,000 settlement and adoption of a comprehensive Corrective Action Plan for...more
In one of the final health care-related actions by the Trump Administration, on January 15, 2021, the United States Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced that Excellus Health...more
The city of New Haven, Connecticut recently agreed to pay $202,400 to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) to settle multiple HIPAA violations in connection with a 2016 incident at...more
On October 30, 2020, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $202,400 Resolution Agreement and Corrective Action Plan (CAP) with the City of New Haven, Connecticut...more
Report on Patient Privacy 20, no. 10 (October 2020) - September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....more
On September 25, 2020, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) issued a press release announcing that Premera Blue Cross (Premera) had agreed to pay $6,850,000 and...more
Health care providers and contractors continue to be a popular target for hackers. Recently, CHSPSC LLC (CHSPSC), which provides various services to hospitals and clinics indirectly owned by Community Health Systems, Inc. of...more
A proposal by Indiana’s Attorney General Curtis Hill on Wednesday would add a significant step in the incident response process for responding to breaches of security affecting Indiana residents. On Wednesday, during a U.S....more
On September 21, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a $1.5 million agreement with Athens Orthopedic Clinic PA to settle “longstanding, systemic noncompliance” with the...more
Report on Patient Privacy 20, no. 8 (August 2020) - Last month, leaders from Agape Health Services in rural Washington, North Carolina, were happy to share photos of the shell of a building in neighboring Plymouth, that,...more
One side effect of the COVID-19 pandemic on data security is that the sudden need to convert the workplace from onsite to remote operations potentially has required many organizations to use older equipment or personal...more