HIPAA Security Rule, Data Breach, Settlement

Northeast Radiology Settles with OCR

Robinson+Cole Data Privacy + Security Insider on 4/18/2025

The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000....more

OCR Announces Fifth Settlement Under Its Risk Analysis Initiative

Arnall Golden Gregory LLP on 4/2/2025

Background - On March 21, 2025, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced a settlement with Health Fitness Corporation (“Health Fitness”), a company that provides wellness...more

Two CMPs and One Settlement Close Out 2024 HIPAA Enforcement

Saul Ewing LLP on 1/9/2025

December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more

OCR Active with Settlements and Enforcement Actions in November and Early December

Robinson+Cole Data Privacy + Security Insider on 12/12/2024

The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more

Emergency Medical Service Provider Agrees to Pay a $90,000 HIPAA Settlement Following Ransomware Attack

Saul Ewing LLP on 11/21/2024

On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more

Biotech Company Settles with Three State AGs Over Security Practices

Sheppard Mullin Richter & Hampton LLP on 8/28/2024

A biotech company recently settled with three AGs over allegations that it had failed to protect consumer information. According to the AGs of Connecticut, New York and New Jersey, this led to a 2023 data incident. The...more

Employees’ Misdeeds, Lack of Risk Analysis Cost NY Hospital $4.75M; OCR Issues Warning

Health Care Compliance Association (HCCA) on 3/12/2024

Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...more

Business Associate Agreements: Requirements and Suggestions

Holland & Hart LLP on 10/20/2023

The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more

Clinical Laboratory Agrees to Settlement with HHS for Potential HIPAA Security Rule Violations Despite Not Being Involved in Data...

King & Spalding on 6/8/2021

On May 25, 2021, HHS announced that Peachstate Health Management, LLC, doing business as AEON Clinical Laboratories (Peachstate), agreed to a $25,000 settlement and adoption of a comprehensive Corrective Action Plan for...more

Small N.C. Health Center Pays Price for 2011 Breach, Noncompliance; 'We Had to Move On'

Health Care Compliance Association (HCCA) on 8/10/2020

Report on Patient Privacy 20, no. 8 (August 2020) - Last month, leaders from Agape Health Services in rural Washington, North Carolina, were happy to share photos of the shell of a building in neighboring Plymouth, that,...more

HIPAA Security Rule › Data Breach › Settlement

"My best business intelligence, in one easy email…"