HIPAA Violations, Data Protection, Cybersecurity

Fresh From the Oven: OCR-HHS Issues a Notice of Proposed Rulemaking for the HIPAA Security Rule

Quarles & Brady LLP on 1/2/2025

‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more

Privacy Briefs: July 2024

Health Care Compliance Association (HCCA) on 7/15/2024

Pennsylvania-based Geisinger Health System said it experienced a breach impacting more than 1.27 million patients when a former employee of vendor Nuance Communications Inc., a Microsoft Corp. subsidiary, accessed patient...more

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Akerman LLP - Health Law Rx on 12/21/2023

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

Jones Day on 12/6/2023

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

HHS Hits Nation’s Largest Public Health Plan with Severe Corrective Action Plan

Brownstein Hyatt Farber Schreck on 9/19/2023

Paying the $1.3 million fine is the easy part. Complying with the CAP is a different undertaking. On Sept. 11, 2023, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an...more

MedEvolve OCR Settlement for $350,000 due to Alleged Failures to Protect Data

Robinson+Cole Data Privacy + Security Insider on 5/19/2023

On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice...more

Privacy Briefs: May 2023

Health Care Compliance Association (HCCA) on 5/12/2023

Five former Memphis-based hospital employees and another man have pled guilty to unlawfully disclosing patient information in violation of HIPAA, U.S. Attorney for the Western District of Tennessee Kevin Ritz announced....more

HIPAA Compliance & the Role of Enterprise Information Archiving

Hanzo on 6/28/2022

Most people have heard of the Health Insurance Portability and Accountability Act (HIPAA), so it’s not surprising that companies dealing with digital health information will have to be HIPAA compliant. To do so, any protected...more

OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief

Health Care Compliance Association (HCCA) on 5/6/2022

Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

HIPAA Violations › Data Protection › Cybersecurity

"My best business intelligence, in one easy email…"