Hybrid Workforces and Compliance with Sheila Limmroth
HIPPA: Privacy & Security and Potential Rule Changes
Compliance Perspective: What's New in Healthcare Privacy
The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000....more
Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more
Background - On March 21, 2025, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced a settlement with Health Fitness Corporation (“Health Fitness”), a company that provides wellness...more
In terms of healthcare data breaches, 2024 was the worst year ever, with the records of at least 53% of the U.S. population involved and two of the biggest healthcare data breaches of 2024 ranking in the top 10 of all time. ...more
On February 20, 2025, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $1.5 million civil money penalty (CMP) against Warby Parker, Inc. (WP). WP is a manufacturer and online...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently imposed a $1.5 million civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of eyewear, for...more
“Almost every stage of modern healthcare relies on stable and secure computer and network technologies.” The above is a direct quote from the Office of Civil Rights for Health & Human Services (“OCR”) in its proposed...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) appears to have made cybersecurity its New Year’s resolution. The first few weeks of 2025 have already brought with them proposed amendments to...more
DOJ Final Rule: New US Restrictions on Nearly All Foreign Access to Personal Data - The National Security Division of the United States Department of Justice has issued a sweeping final rule that would prevent access to...more
“Through December 20, 2024, 575 security incidents involving unsecured protected health information affecting 500 or more individuals had been reported to Health and Human Services. Through the same date in 2023, 265...more
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
With the HIPAA Security Rule set to undergo a massive overhaul to boost cybersecurity protections, PEOs need to take note. After all, as stewards of worksite employee and client company data – and as sponsors of group health...more
The Biden Administration’s Office for Civil Rights delivered on its promise to propose an update to the HIPAA Security Rule. Our Health Care and Privacy, Cyber & Data Strategy groups summarize key points from the new rule and...more
On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more
In response to an alarming increase in the size and frequency of large-scale data breaches involving protected health information, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) dropped a bit of...more
What better way to welcome the new year than with proposed new HIPAA Security Rules? As 2024 came to an end, the U.S. Department of Health and Human Services announced new proposed regulations to strengthen cybersecurity and...more
‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more
The U.S. Department of Health and Human Services (HHS) has issued an unpublished Notice of Proposed Rulemaking (NPRM) that strengthens the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and, if...more
Last fall at the Safeguarding Health Information: Building Assurance Through HIPAA Security 2024 conference, U.S. Department of Health & Human Services Office for Civil Rights (OCR) promised that before year’s end, it would...more
As summarized in our prior article on this topic, individual coverage health reimbursement arrangements (ICHRAs) are gaining popularity and constituting a larger part of the overall employer-provided health coverage market. ...more
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more
HCCA's Healthcare Privacy Compliance Academy is a three-and-a-half-day interactive education program with a focus on the vast body of privacy laws and regulations in place to help you protect PHI and other critical data. Our...more