HIPAA Violations, Covered Entities, Data Breach

HIPAA Security Risk Analysis – How should regulated entities prepare for the Office for Civil Rights (OCR) Risk Analysis Audit...

Ankura on 4/16/2025

Following the Office for Civil Rights (OCR) recent publication of four settlements as part of a new Risk Analysis Audit Initiative. We explore the current regulatory language for Risk Analysis, the proposed language for Risk...more

HIPAA Violations: What Providers Should Learn From the Failures of Others

Lathrop GPM on 3/4/2024

The federal agency responsible for enforcing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) – the Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services – recently submitted...more

Business Associate Agreements: Requirements and Suggestions

Holland & Hart LLP on 10/20/2023

The HIPAA Privacy and Security Rules generally require covered entities (including most healthcare providers) to execute written agreements (“business associate agreements” or “BAAs”) with their business associates before...more

HIPAA Compliance & the Role of Enterprise Information Archiving

Hanzo on 6/28/2022

Most people have heard of the Health Insurance Portability and Accountability Act (HIPAA), so it’s not surprising that companies dealing with digital health information will have to be HIPAA compliant. To do so, any protected...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

Awaiting New Leader, OCR Collects NPRM Feedback, Closes Breach, 14th Access Case

Health Care Compliance Association (HCCA) on 2/26/2021

Report on Patient Privacy 21, no. 2 (February 2021) - Unless an extension is granted or the notice of proposed rulemaking (NPRM) is withdrawn, covered entities (CEs) and business associates (BAs) have until late March to...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Report on Patient Privacy Volume 20, Number 3. Privacy Briefs: March 2020

Health Care Compliance Association (HCCA) on 3/19/2020

Report on Patient Privacy 20, no. 3 (March 2020) - As the new coronavirus, COVID-19, spreads across the United States, the HHS Office for Civil Rights (OCR) is reminding HIPAA covered entities and business associates that...more

Report on Patient Privacy Volume 20, Number 2. Privacy Briefs: February 2020

Health Care Compliance Association (HCCA) on 2/13/2020

Report on Patient Privacy 20, no. 2 (February 2020) - A ruling from Georgia’s highest state court could set a precedent that determines recourse for victims of cyberattacks. The Georgia Supreme Court ruled in late December...more

As MD Anderson Keeps Up Its Legal Fight, U. Rochester Pays OCR $3M

Health Care Compliance Association (HCCA) on 12/19/2019

Report on Research Compliance 17, no. 1 (January 2020) - Ah, those pesky residents. If you’re a teaching hospital, you can’t live without them, right? But sometimes living with them is mighty costly, as the University of...more

HIPAA Violations › Covered Entities › Data Breach

"My best business intelligence, in one easy email…"