HIPAA Violations, Data Security, Electronic Protected Health Information (ePHI)

Fresh From the Oven: OCR-HHS Issues a Notice of Proposed Rulemaking for the HIPAA Security Rule

Quarles & Brady LLP on 1/2/2025

‘Tis the season for holiday baking and the elves at the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), have been diligently crafting their own holiday treat. On December 27,...more

No “Trick”: Plastic Surgery Practice Agrees to Pay a $500,000 HIPAA Settlement Following Ransomware Attack

Saul Ewing LLP on 11/11/2024

On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more

NYC Hospital Agrees to Pay $4.75 Million as Part of a HIPAA Settlement

Saul Ewing LLP on 2/13/2024

On February 6, 2024, the HHS Office for Civil Rights (“OCR”) announced a settlement with Montefiore Medical Center (“MMC”) for alleged HIPAA Security Rule violations and MMC agreed to pay $4.75 million and enter into a...more

OCR Will Focus on You if You Don’t Focus on Cybersecurity

Akerman LLP - Health Law Rx on 12/21/2023

With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more

HHS Enters Into First-Ever Ransomware Resolution Agreement and Corrective Action Plan

Jones Day on 12/6/2023

The U.S. Department of Health and Human Services ("HHS") Office of Civil Rights ("OCR") has entered into its first settlement of potential Health Insurance Portability and Accountability Act ("HIPAA") violations arising out...more

Five Years After ‘a Singular Human Error,’ Two Breach Notices, Revenue Firm Settles With OCR

Health Care Compliance Association (HCCA) on 6/9/2023

Five Years After ‘a Singular Human Error,’ Two Breach Notices, Revenue Firm Settles With OCR - As far as settlements for alleged HIPAA violations go, a recent agreement announced by the HHS Office for Civil Rights (OCR)...more

Report on Patient Privacy Volume 22, Number 10. Privacy Briefs: October 2022

Health Care Compliance Association (HCCA) on 10/11/2022

Report on Patient Privacy 22, no. 10 (October, 2022) - Thirty Democratic senators led by Sen. Patty Murray, D-Wash., have called on HHS to strengthen federal privacy protections under HIPAA to broadly restrict providers...more

2016 Breach Costs OK State Medical Center $875K; System Initially Missed Vulnerability

Health Care Compliance Association (HCCA) on 8/16/2022

Report on Patient Privacy 22, no. 8 (August, 2022) - Oklahoma State University Center for Health Sciences’ (OSUCHS) breach might not have seemed all that serious at the time: No data is believed to have been misused,...more

HIPAA Compliance & the Role of Enterprise Information Archiving

Hanzo on 6/28/2022

Most people have heard of the Health Insurance Portability and Accountability Act (HIPAA), so it’s not surprising that companies dealing with digital health information will have to be HIPAA compliant. To do so, any protected...more

4 Ways to Protect ePHI Beyond HIPAA Compliance

NAVEX on 8/14/2020

Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more

Ambulance Company Agrees to $65,000 OCR Settlement for HIPAA Noncompliance

Faegre Drinker Biddle & Reath LLP on 1/3/2020

West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $65,000 no-fault settlement agreement and two year corrective action...more

HIPAA Violations › Data Security › Electronic Protected Health Information (ePHI)

"My best business intelligence, in one easy email…"