HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
We just want to provide a friendly reminder that, before key staff depart for the holidays, HIPAA covered entities and business associates should finalize their compliance with the 2024 HIPAA amendments related to...more
Last week, HHS Office of Civil Rights (OCR) announced a settlement with a Pennsylvania provider (the Provider) concerning an alleged violation of the HIPAA Privacy Rule. Specifically, the Provider impermissibly disclosed a...more
On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
On July 1, 2024, the U.S. Department of Health and Human Services (“HHS”) Office For Civil Rights (“OCR”) announced a $950,000 settlement with Heritage Valley Health System (“Heritage Valley”) and a three-year Corrective...more
The Association of American Universities (AAU) and the Council on Governmental Relations (COGR) are among a handful of groups “urging the Biden administration to rescind a policy proposal that would threaten the American...more
H. Lee Moffitt Cancer Center & Research Institute Hospital Inc. in Tampa, Florida, has agreed to pay $19.564 million to settle false claims allegations over claims submitted to federal health care programs for items and...more
On February 6, 2024, the HHS Office for Civil Rights (“OCR”) announced a settlement with Montefiore Medical Center (“MMC”) for alleged HIPAA Security Rule violations and MMC agreed to pay $4.75 million and enter into a...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
Report on Patient Privacy 20, no. 10 (October 2020) - September was quite the month for enforcement actions by the HHS Office for Civil Rights (OCR). The agency announced eight settlements totaling more than $10 million....more
In a flurry of recent activity, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced eight resolution agreements since September 15, 2020. These resolution agreements settle...more
As detailed in a press release from the U.S. Department of Health and Human Services (HHS), "Metropolitan Community Health Services, doing business as Agape Health Services (Metro), has agreed to pay $25,000 to the U. S....more
Report on Medicare Compliance 29, no. 28 (August 3, 2020) - The 2017 theft of an unencrypted laptop is at the heart of a new HIPAA settlement with Lifespan Health System Affiliated Covered Entity (Lifespan ACE) in Rhode...more
Report on Patient Privacy 20, no. 8 (August 2020) - Last month, leaders from Agape Health Services in rural Washington, North Carolina, were happy to share photos of the shell of a building in neighboring Plymouth, that,...more
Report on Patient Privacy 20, no. 3 (March 2020) - A gastroenterologist in Utah who felt he was being held captive by an electronic health record (EHR) vendor found his 2013 complaint to the HHS Office for Civil Rights...more
Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more
Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more
Compliance Today (November 2019) - On September 9, 2019, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announced its first enforcement action and settlement in its Right of Access...more
Earlier this month, the U.S. Department of Health and Human Services Office for Civil Rights (HHS OCR) announced that it had entered into a settlement agreement with St. Elizabeth's Medical Center (SEMC) in Brighton,...more
On July 10, 2015, the United States Department of Health and Human Services Office for Civil Rights (OCR) announced its second settlement of the year for violations of the Health Insurance Portability and Accountability Act...more
The HHS Office for Civil Rights (OCR) started 2013 with a bang by announcing that it had reached "the first settlement involving a breach of unprotected electronic protected health information (ePHI) affecting fewer than 500...more
On January 2, 2013, the U.S Department of Health and Human Services, Office of Civil Rights (OCR) announced its first HIPAA breach settlement involving less than 500 patients. OCR took action against a hospice provider in...more
On January 2, 2013, HHS announced that the Hospice of North Idaho (HONI) agreed to pay $50,000 and enter into a Corrective Action Plan (CAP) as part of a settlement involving a breach of unsecured electronic protected health...more