The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is required by law to perform periodic audits of covered entities and business associates to ensure their compliance with HIPAA Security Rule...more
On February 12, 2024, the U.S. Department of Health and Human Services (“HHS”) published a notice in the Federal Register regarding reinstatement of the Health Information Portability and Accountability Act of 1996 (“HIPAA”)...more
In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business...more
Dive into a broad spectrum of topics affecting healthcare organizations. Explore the latest laws, regulations, and developments to help you effectively manage your organization’s privacy compliance program. Our Academies are...more
We expect 2018 to be another year of rapid change within the health care industry. In this episode, Mary Beth Johnston highlights some of the key topics that the health care practice group will monitor in the coming year,...more
Health Care Organizations Saw an 89% Increase in Ransomware in 2017 - Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the...more
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights...more
Thus far in 2017, the U.S. Department of Health and Human Service’s Office for Civil Rights has continued the step-up in HIPAA enforcement activity we saw in 2016 and appears on track to exceed 2016’s enforcement activity. ...more
Last week the Health Care Compliance Association hosted its annual “Compliance Institute.” Iliana Peters, HHS Office for Civil Rights’ Senior Advisor for HIPAA Compliance and Enforcement, provided a thorough update of HIPAA...more
HIPAA privacy guidance, audits, and enforcement are continuing under the new Administration. On March 27, 2017, Iliana Peters, Senior Adviser for HIPAA Compliance and Enforcement at the US Department of Health and...more
Although it is not a new requirement, it is important and therefore worth a reminder: HIPAA requires covered entities to establish and implement written policies and procedures that are consistent with its Privacy and...more
Receiving an email that your practice has been identified for participating in the HIPAA Privacy, Security, and Breach Rules Audit Program is enough to raise anyone’s blood pressure. The likely response is to open the email...more
On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more
The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has posted an alert (and a follow-up alert) warning health plans, health care providers, and their vendors of a mock communication...more
As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more
Editor’s Note: This is the third in a continuing end-of-year series. The year ahead promises to be a busy one for those with responsibility for HIPAA compliance, as the Office of Civil Rights (OCR), charged with...more
Covered Entities and Business Associates may be ringing in the New Year with the prospect of responding to on-site HIPAA audits by federal regulators. The U.S. Department of Health and Human Services Office for Civil Rights...more
Financial organizations that are business associates can expect a wave of HIPAA desk audits to evaluate the HIPAA compliance efforts of business associates. These audits have a limited focus and are conducted by the U.S....more
Phase 2 Audits of Business Associates: The Department of Health and Human Services, Office for Civil Rights (OCR) is in the process of conducting its phase 2 audits of Covered Entities and Business Associates. “Covered...more
Phase 2 of the HIPAA audits is fully underway, and covered entities now can take a breath if they have not received a desk audit request. But we still are at the beginning of Phase 2, with more to come. ...more
On August 4, 2016, the Office for Civil Rights (“OCR”) of the U.S. Health & Human Services Department (“HHS”) announced a $5.55 million HIPAA settlement with Advocate Health Care Network (“Advocate”), the largest...more
In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more
The Office of Civil Rights (OCR) recently uploaded two items of interest: information regarding the largest penalty to date against a single entity, Advocate Health Care Network (Advocate), and HIPAA Phase II Desk Audit...more
Federal regulators announced last week that Illinois’ largest hospital chain would pay $5.5 million, a record payment under the Health Insurance Portability and Accountability Act (HIPAA), in connection with three 2013 data...more
On August 4, 2016, the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) announced a record-setting settlement with Advocate Health Care Network (Advocate) for multiple potential violations of HIPAA...more