[Webinar] EHS in the Cannabis Industry: What Happens When the E stands for Enforcement?
Pamela Para on Effective Investigations in Healthcare
Susan Roberts on Creating a Compliance Program Book
Reasonable minds can differ
Compliance Perspectives: Risk and the 2020 Compliance & Ethics Institute
How to Assess the Likelihood of Success in Deciding Whether to Bring a Bid Protest
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced two settlements with HIPAA-covered entities – one in Washington State and one in New Jersey with settlements of $240,000...more
Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more
Are your employees instructed on the proper (and improper) use of social media? Does your organization have policies and provide training on the appropriate handling of sensitive information? A recent United States Department...more
This is the first episode in K&L Gates’ three-part series on the 340B Program with Chris Hatwig, President of Apexus, LLC. Apexus serves as HRSA’s Prime Vendor in administering the 340B Program, including by publishing...more
Over the past several months, the Health Resources and Services Administration (HRSA) has issued a number of guidance updates related to the agency's expectations for health care providers participating in the 340B drug...more
With respect to enforcement, the Department of Health and Human Services, Office for Civil Rights (OCR) announced two Settlement Agreements to resolve allegations of HIPAA violations between May and October of 2017. Neither...more
A recent settlement of $2.5 million for alleged violations of the Health Insurance Portability and Accountability Act ("HIPAA") continues a trend of government enforcement targeting health care providers and vendors that fail...more
On April 24, 2017, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced that CardioNet, Inc. (CNI) agreed to pay $2.5 million and enter into a Corrective Action Plan (CAP) to settle...more
The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month,...more
The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more
On October 18, 2016, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced that St. Joseph Health (SJH) agreed to settle allegations relating to the HIPAA Privacy and Security Rules,...more
On October 18, 2016, the Department of Health and Human Services, Office of Civil Rights (“OCR”) announced a $2.14 million settlement with St. Joseph Health (“St. Joseph”), a non-profit integrated Catholic healthcare delivery...more
This month marked the largest HIPAA settlement to-date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of...more
On August, 4, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that Advocate Health Care Network (Advocate) agreed to pay a settlement amount of $5.55 million and adopt a...more
The government has entered into its first settlement with a HIPAA business associate, including a $650,000.00 monetary penalty, ushering in a new period of enforcement for third parties who use Protected Health Information...more
Many U.S. employers are now allowing employees to use their own personal handheld devices and laptop computers for work-related purposes. As the age of employer-provided devices is coming to an end and “bring your own device”...more
On June 30, the Office of Civil Rights (OCR) announced the first HIPAA settlement agreement with a business associate. This follows recent settlements with two HIPAA covered entities under HIPAA due, in large part, to the...more
OCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million dollars and...more
The Office of Civil Rights (OCR) within the U.S. Department of Health and Human Services (DHHS) recently announced that it has initiated Phase 2 of its audit program to assess Covered Entities’ and Business Associate’s...more
For our HIPAA-covered entity readers, we have asked these questions before: Have you taken a business associate inventory? Have you undertaken a comprehensive risk assessment as required by HIPAA?...more
On March 16, 2016, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced that North Memorial Health Care of Minnesota (“Memorial”) agreed to pay $1.55 million to resolve allegations that...more
As we have repeatedly emphasized on this blog, HIPAA Covered Entities must ensure that they have compliant business associate agreements (“BAAs”) in place with all of their business associates and must ensure that they have...more
This Halloween, the scariest monsters might not be in your closet or under your bed. They may be overseas, orchestrating intrusions into your electronic medical record. Or they may be lurking in your own workforce, carrying...more
The HHS Office for Civil Rights (OCR) must improve its oversight and enforcement of patient information privacy and security rules by “covered entities” and their business associates under the Health Information Portability...more
As HIPAA-regulated entities anxiously await the commencement of the Phase II HIPAA audit program, the Office of the Inspector General (OIG) for the Department of Health and Human Services (HHS) has issued a report critical of...more