HIPAA Security Rule, Enforcement Actions, Settlement

Northeast Radiology Settles with OCR

Robinson+Cole Data Privacy + Security Insider on 4/18/2025

The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000....more

OCR Announces Fifth Settlement Under Its Risk Analysis Initiative

Arnall Golden Gregory LLP on 4/2/2025

Background - On March 21, 2025, the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) announced a settlement with Health Fitness Corporation (“Health Fitness”), a company that provides wellness...more

Two CMPs and One Settlement Close Out 2024 HIPAA Enforcement

Saul Ewing LLP on 1/9/2025

December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more

OCR Active with Settlements and Enforcement Actions in November and Early December

Robinson+Cole Data Privacy + Security Insider on 12/12/2024

The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more

Emergency Medical Service Provider Agrees to Pay a $90,000 HIPAA Settlement Following Ransomware Attack

Saul Ewing LLP on 11/21/2024

On November 1, 2024, the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced a $90,000 settlement with Bryan County Ambulance Authority (“BCAA”), a provider of emergency medical...more

HHS Office for Civil Rights Reaches Second Health Care Ransomware Settlement

Skadden, Arps, Slate, Meagher & Flom LLP on 4/4/2024

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced its second settlement in four months growing out of a ransomware attack on a health care business. Maryland-based Green Ridge...more

Employees’ Misdeeds, Lack of Risk Analysis Cost NY Hospital $4.75M; OCR Issues Warning

Health Care Compliance Association (HCCA) on 3/12/2024

Although the HHS Office for Civil Rights (OCR) described its recent $4.75 million agreement with a Bronx, New York, hospital as settling a “malicious insider cybersecurity investigation,” the agency considered a total of 11...more

OCR Ends Year With Settlements That Tread Old Ground, Says New Rules Are Coming—Someday

Health Care Compliance Association (HCCA) on 1/17/2024

If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on 1/5/2024

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

Health Care Compliance Association (HCCA) on 1/13/2020

Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more

Encrypt Your Devices or Face HIPAA Penalties

Holland & Hart - Health Law Blog on 11/8/2019

This week, the Office for Civil Rights (“OCR”) announced a $3,000,000 HIPAA settlement arising from a medical center’s loss of an unencrypted laptop and flash drive. This is simply the latest of many HIPAA settlements based...more

HIPAA Security Rule › Enforcement Actions › Settlement

"My best business intelligence, in one easy email…"