News & Analysis as of May 6, 2025

Cybersecurity › Office of Civil Rights › Privacy Laws

+ Follow

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now. less -

OCR Loses Staff, Faces Move to New ‘Enforcement’ Office; Will HIPAA Focus, Independence Suffer?

Health Care Compliance Association (HCCA) on 4/15/2025

Today, the HHS Office for Civil Rights (OCR) stands shoulder-to-shoulder with the likes of the Office of Inspector General and Office of General Counsel, one of just a dozen or so agencies reporting directly to the secretary....more

$1.5M Warby Parker Fine a Holdover; OCR Focuses On Men in Sports, Antisemitism, ‘Biological Truth’

Health Care Compliance Association (HCCA) on 3/12/2025

Nearly six years to the day that Warby Parker reported a breach affecting nearly 200,000 individuals, the HHS Office for Civil Rights (OCR) imposed a $1.5 million fine on the eyewear giant. Investigated by OCR under the Biden...more

We’ll Take the Fine: OCR’s ‘Unwarranted,’ Costly Demands Prompted Hospital’s $538K Payment

Health Care Compliance Association (HCCA) on 2/7/2025

The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more

With Nod to OCR, Indiana Inks $350K Deal With Dental Firm Following Hack

Health Care Compliance Association (HCCA) on 1/22/2025

Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more

New York Adopts Comprehensive Hospital Cybersecurity Requirements

Sheppard Mullin Richter & Hampton LLP on 1/6/2025

Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for...more

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Foley Hoag LLP - Security, Privacy and the... on 12/30/2024

The Department of Health and Human Services (HHS) has proposed significant modifications to the HIPAA Security Rule and the HITECH Act in an attempt to strengthen cybersecurity protections for electronic protected health...more

OIG Recommends Changes to HIPAA Audit Program to Strengthen Data Protections, Implications for Regulated Entities

Brooks Pierce on 12/5/2024

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more

Privacy Briefs: November 2024

Health Care Compliance Association (HCCA) on 11/14/2024

Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more

Navigating the Fallout: Essential Insights for Healthcare Companies in Light of the Change Healthcare Cyber Breach

Ankura on 10/7/2024

The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more

Privacy Briefs: August 2024

Health Care Compliance Association (HCCA) on 8/21/2024

On July 19, Change Healthcare Ince. filed a breach report with HHS Office for Civil Rights (OCR) concerning its mammoth ransomware attack and breach. The organization’s breach report to OCR identifies just 500 individuals as...more

Seven Years After Worldwide NotPetya Attacks, OCR Singles Out PA System, Collects Nearly $1M

Health Care Compliance Association (HCCA) on 8/21/2024

Unleashed on June 27, 2017, NotPetya caused an estimated $10 billion in damages globally, among the costliest ransomware attacks in history. In 2018, the Trump administration—in tandem with the British government—blamed...more

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on 5/13/2024

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Privacy Briefs: May 2024

Health Care Compliance Association (HCCA) on 5/13/2024

Kaiser Permanente is notifying 13.4 million current and former members that their personal information may have been compromised when it was transmitted to tech giants Google, Microsoft Bing and X (formerly Twitter) when...more

Key Takeaways from OCR’s CY22 HIPAA Reports to Congress

ArentFox Schiff on 5/9/2024

On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more

[Event] Healthcare Privacy Compliance Academy - July 15th - 18th, Charlotte, NC

Health Care Compliance Association (HCCA) on 3/13/2024

Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more

Health Care Privacy and Security In 2024: Six Critical Topics to Watch

Mintz - Health Care Viewpoints on 1/26/2024

As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more

HHS Publishes Roadmap of New Strategy for Cybersecurity in the Healthcare Sector

Proskauer - Health Care Law Brief on 12/8/2023

The U.S. Department of Health and Human Services (HHS) recently issued a strategy paper highlighting key aspects of its plan to revamp cybersecurity requirements in the healthcare industry. Citing a 93% increase in large data...more

Privacy Briefs: November 2023

Health Care Compliance Association (HCCA) on 11/10/2023

Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more

11 Years After First Disclosure, L.A. Care Pays $1.3M, Says ‘Processing Errors’ Caused Breaches

Health Care Compliance Association (HCCA) on 10/6/2023

Report on Patient Privacy 23, no. 10 (October, 2023) By 2016, it should have been clear to HIPAA covered entities that a security risk analysis—and corresponding risk management plan—were compliance basics. Yet, a new...more

Privacy Briefs: June 2023

Health Care Compliance Association (HCCA) on 6/9/2023

Privacy Briefs: June 2023 - Long-term care pharmacy network PharMerica disclosed a breach involving more than 5.8 million patients, making it the largest breach reported to the HHS Office for Civil Rights (OCR) in the last...more

Reviewing Online Tracking Technologies Could Keep HIPAA-Regulated Entities Out of Hot Water

Woods Rogers on 4/4/2023

A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into...more

The BR Privacy & Security Download: January 2023

Blank Rome LLP on 1/13/2023

What We’re Watching in 2023 - Happy New Year from the BR Data Privacy and Security Download! 2022 was a busy year for data privacy and security. State and federal regulatory agencies flexed their enforcement muscle, we...more

Decoded: Technology Law Insights - Issue 24, 2022

Spilman Thomas & Battle, PLLC on 12/16/2022

North Carolina Power Outage Points to Homeland Security Long-Documented Threats to US Power Grid - “Moore County blackouts serve as reminder that nation’s electricity infrastructure could be vulnerable targets for domestic...more

[Event] Healthcare Privacy Compliance Academy - March 6th - 9th, Phoenix, AZ

Health Care Compliance Association (HCCA) on 12/2/2022

Designed for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy is ideal for practitioners who want a deeper understanding of effective compliance management in a...more

[Event] Healthcare Privacy Compliance Academy - December 5th - 8th, Anaheim, CA

Health Care Compliance Association (HCCA) on 11/1/2022

Each Academy provides three-and-a-half days of classroom-style training covering the latest laws, regulations, and developments to help you effectively manage your organization’s compliance program. They are ideal for...more

39 Results

/

View per page

Page: of 2

Next »