Updates to Statute 1557 that Healthcare Providers Need to Know
Privacy and Healthcare Business Associates with Isabella Porter
State Law Privacy Video Series | Healthcare Entities and Health Data
Gerry Blass on Healthcare Vendor Risk Management
AGG Talks: Technology - In the Balance: Interoperability and Security
Is Your Practice's Marketing HIPAA Compliant?
Relaxed HIPAA Restrictions For Providers Using Telehealth
Compliance Perspectives: Permissible Disclosures under HIPAA, Especially in the Time of COVID-19
Polsinelli Podcasts - Confusion to Clarity on the Future of the 340B Program
Polsinelli Podcast - HIPAA Changes Overview
Last year, the federal Office for Civil Rights (OCR) modified the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to strengthen protections for reproductive health care information (the â2024 Ruleâ)....more
A single incident that may have started as a personal vendetta or an extortion threat seven years ago has cost a Florida health care system $800,000, and comes on the heels of an unrelated breach suffered by a different...more
Health care organizations are under pressure to shore up their cybersecurity response efforts. Much of this pressure is coming from the US Department of Health and Human Services Office for Civil Rights (OCR), which has made...more
In the first five months of 2025, the U.S. Department of Health and Human Servicesâ (HHS) Office for Civil Rights (OCR) announced it had entered into ten Health Insurance Portability and Accountability Act (HIPAA) resolution...more
In October, the HHS Office for Civil Rights (OCR) fined Providence Medical Institute (PMI) $240,000, an amount that reflected a 20% discount for having ârecognized security practicesâ (RSPs) in place. But many more covered...more
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more
In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
In the first part of this blog post, we looked into the OCR and FTCâs focus on third-party tracking technologies. We also reviewed the AHA Lawsuit and its impact for the use of tracking technologies. In this blog post, we...more
On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more
Covered entities (CEs) and business associates (BAs) may receive a âdiscountâ for having recognized security practices (RSPs) in place when the HHS Office for Civil Rights (OCR) calculates financial penalties for Security...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more
The federal agency responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) â the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services â recently submitted...more
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
Ideal for professionals with some compliance knowledge and experience, HCCAâs Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Actâs (âHIPAAâ) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
October has been a busy month for the OCR, which is tasked with enforcing the regulations issued under HIPAA. In the past week, the OCR released two new guidance documents aimed at reducing the privacy and security risks...more
Designed for professionals with some compliance knowledge and experience, HCCAâs Healthcare Privacy Compliance Academy is ideal for practitioners who want a deeper understanding of effective compliance management in a...more
Over the past decade, the number of health care data breaches reported to the U.S. Department of Health and Human Servicesâ Office for Civil Rights (âOCRâ) has increased dramatically. From 2009 to 2022, over 5,000 data...more
The Right of Access Initiative by the Office for Civil Rights (OCR) at the Department of Health and Human Services (HHS) began in 2019. On September 20, 2022, the OCR published its latest press release on the matter...more
Report on Patient Privacy 22, no. 10 (October, 2022) - How about free? Patients daily face the machinations of getting records from their providers, and health care practices, hospitals and even dentists struggle with...more
On August 23, 2022, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced a $300,640 settlement and a Corrective Action Plan (âCAPâ) with New England Dermatology P.C., d/b/a...more
The HHS Office for Civil Rights (OCR) recently imposed a $50,000 civil monetary penalty on a dental practice that disclosed patient-identifying information in response to a negative online review. The case is a reminder that...more