HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
It’s not immediately obvious why someone would want to disclose a health care test result as part of a job application. But one such request spurred a Pennsylvania entity to provide a lot more than that: it sent her whole...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
The cyber breach at Change Healthcare in 2024 stands out as one of the most significant cyber-attacks in recent memory. Its repercussions extend far beyond immediate industry disruptions, resonating deeply in regulatory...more
Address the latest updates & emerging trends in privacy - Join us this October for HCCA's virtual event dedicated to privacy compliance. This virtual event provides first-hand insights from government agencies regarding...more
Who will notify the potentially millions of individuals whose information might have been jeopardized by the massive cyberattack on Change Healthcare? Since the affiliate of UnitedHealth Group (UHG) first reported the...more
While many healthcare providers are generally aware of their obligations under HIPAA, most do not have a clear sense of what happens if they fail to meet these obligations. At best, most probably are familiar with headlines...more
On April 26, the US Department of Health and Human Services Office for Civil Rights (OCR) published a Final Rule that adds protections under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule...more
On May 6, 2024, the Department of Health and Human Services (HHS) published its final rule revamping the non-discrimination regulations issued under § 1557 of the Affordable Care Act. The revised rules apply to all...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has, as part of its mandate, the responsibility to enforce the Health Insurance Portability and Accountability Act (HIPAA) Security Rule....more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
Cyberattacks and data incidents are rapidly increasing, and third-party services companies are a frequent source of exposure for healthcare providers. Healthcare is a prime target for cybercriminals, with ransomware and...more
Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
2024 is shaping up to be a very active year for regulatory and enforcement developments in the healthcare industry – developments that concern not just hospitals and nursing facilities, but many non-healthcare companies as...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
Technology’s exponential development and use in healthcare provides potentially significant benefits for behavioral health patients but also raises ethical and compliance concerns. The most recent technological advance...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
Summer is in full swing, but the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) is doing anything but taking a vacation from HIPAA. In May and June, OCR issued five resolution agreements...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
Designed for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy is ideal for practitioners who want a deeper understanding of effective compliance management in a...more