News & Analysis as of

Department of Health and Human Services (HHS) Data Breach HITECH Act

Benesch

Annual Report to Congress on Breaches of Unsecured Protected Health Information

Benesch on

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more

BakerHostetler

HHS OCR Provides Annual Report to Congress Detailing 2022 Enforcement Activities

BakerHostetler on

On Feb. 16, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published its 2022 Annual Report to Congress. ...more

Saul Ewing LLP

HHS OCR Issues Its Most Recent HIPAA Annual Report and a Second Ransomware Settlement

Saul Ewing LLP on

On February 14, 2024, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) issued two reports to Congress as required by the Health Information Technology for Economic and Clinical Health...more

BakerHostetler

HHS Announces New Divisions to Address Weighty Case Load

BakerHostetler on

On February 27, 2023, the U.S. Department of Health and Human Services (HHS) announced that its law enforcement agency – the Office for Civil Rights (OCR) – will reorganize, adding new divisions to better address the rapid...more

Saul Ewing LLP

HHS OCR Publishes 2021 HIPAA Complaint and Breach Reports

Saul Ewing LLP on

The 2021 calendar year reports from HHS OCR describe OCR’s efforts that calendar year and are instructive tools for all parties who need to comply with HIPAA to understand macro-level trends....more

Health Care Compliance Association (HCCA)

Report on Patient Privacy Volume 22, Number 11. MD Anderson Won Against OCR, But Agency’s Response—Including on Fines—Keeps...

Report on Patient Privacy Volume 22, Number 11. (November 2022) Nearly five years passed from the time the University of Texas MD Anderson Cancer Center reported to the HHS Office for Civil Rights (OCR) that three...more

Woods Rogers

HIPAA Security Rule: What are “Recognized Security Practices” and why are they important?

Woods Rogers on

A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more

Health Care Compliance Association (HCCA)

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Sheppard Mullin Richter & Hampton LLP

What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?

Will HHS’ approach for imposing penalties in the aftermath of a data breach become a little clearer in 2021? This is a distinct possibility in the wake of a Fifth Circuit decision vacating penalties against MD Anderson Cancer...more

Sheppard Mullin Richter & Hampton LLP

Learning from the Mistakes of Others: OCR Releases Audit Report

The HHS Office for Civil Rights released, at the end of last year, findings from audits it conducted in 2016 and 2017 of 166 covered entities and 41 business associates. The report represents the periodic audit that the...more

Mintz - Privacy & Cybersecurity Viewpoints

Health Care Data Breaches Are Increasing Both in Number and Cost

It feels like we’ve been seeing a lot more health care breaches caused by hackers and other IT security incidents, and there’s a good reason why: a recent report by cloud security company Bitglass confirms that both the...more

Sheppard Mullin Richter & Hampton LLP

2019 Year in Review: Notable Changes in Law, Policy, and Enforcement of HIPAA

According to a December 20, 2019 Report by HIPAA Journal, nearly 39 million health care data breaches had been reported to the U.S. Department of Health and Human Services (“DHHS”), Office of Civil Rights (“OCR”) by the end...more

Jones Day

HHS Releases Guidance on Direct Liability for Business Associates Under HIPAA

Jones Day on

The Situation: On May 24, 2019, the Department of Health and Human Services ("HHS") issued a new fact sheet clarifying business associates' direct liability for violations of the Health Insurance Portability and...more

K&L Gates LLP

K&L Gates Triage: HIPAA Enforcement Discretion, Disputes, and Data

K&L Gates LLP on

The U.S. Department of Health and Human Services recently released a notice of enforcement discretion announcing changes in how the agency will assess civil monetary penalties for violations of the Health Insurance...more

Ballard Spahr LLP

HHS Decreases Maximum HIPAA Penalties

Ballard Spahr LLP on

The Department of Health and Human Services has announced that it is lowering the maximum amount it will assess for most types of HIPAA violations. Although the change is couched as an exercise of discretion, HHS states that...more

Robinson+Cole Health Law Diagnosis

HHS Exercises Discretion to Reduce Maximum Annual Civil Money Penalties for Certain HIPAA Violations

On April 26, 2019, the U.S. Department of Health and Human Services (HHS) issued a Notification of Enforcement Discretion (Notice) regarding imposition of Civil Money Penalties (CMPs) under HIPAA. ...more

Hogan Lovells

HIPAA Penalty Caps to Be Reduced and Tied to Culpability Level

Hogan Lovells on

In a dramatic turn, the US Department of Health and Human Services (HHS) has announced that effective immediately, penalties for many HIPAA violations will be subject to substantially reduced limits. ...more

Sheppard Mullin Richter & Hampton LLP

Cybersecurity, Inside Jobs, Outside Jobs, and HIPAA

According to a February 12, 2019 Press Release from Protenus, a developer of analytics for patient privacy monitoring and compliance, 15,085,302 patient records were breached in 2018 – a startling number made even more...more

Holland & Knight LLP

Impact of the New Health Industry Cybersecurity Practices: 2019 Outlook

Holland & Knight LLP on

• The U.S. Department of Health and Human Services on Dec. 28, 2018, announced the release of the "Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients" that provides a "Call to Action" to make...more

Williams Mullen

HIPAA Check: Do You Know What to Do if a Breach Happens to You?

Williams Mullen on

Breaches happen. They happen to major health systems, and they happen to solo practitioners. They happen to health plans, and they happen to health information technology vendors. In our technology-reliant world, it would be...more

Jackson Lewis P.C.

Enhanced HHS HIPAA Breach Reporting Tool May Aid Health Care Industry Data Security Efforts

Jackson Lewis P.C. on

Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might...more

Davis Wright Tremaine LLP

DWT Releases Latest Health Care Breach Charts

Following the HITECH Act, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) issued regulations requiring HIPAA covered entities to provide certain notifications for breaches of unsecured...more

Stinson LLP

HHS Publishes New Guidance on HIPAA and Cloud Computing

Stinson LLP on

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has issued a new guidance regarding HIPAA compliance and the use of cloud computing solutions. The guidance is intended to assist covered entities...more

Morgan Lewis

OCR Begins HIPAA Phase 2 Audits

Morgan Lewis on

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

BakerHostetler

Illinois Enacts Sweeping Changes to the Illinois Personal Information Protection Act

BakerHostetler on

On May 6, 2016, Illinois joined a growing number of states that have strengthened their data breach notification requirements and expanded the definition of protected personal information. Effective January 1, 2017, HB1260...more

74 Results
 / 
View per page
Page: of 3

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide