HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
On June 4, 2025, the U.S. Department of Health and Human Services (HHS) announced the appointment of Paula M. Stannard as the Director of the Office for Civil Rights (OCR). As Director, Stannard will lead the enforcement of...more
The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000....more
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. ...more
On March 21, 2025, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of HIPAA security rule claims involving Health Fitness Corporation (Health Fitness). Health Fitness...more
2024 marked another significant year for privacy law, with new state legislation and high-stakes litigation reshaping the landscape. Legal battles over tracking technologies, biometric data, and children’s privacy...more
Arecent report put the odds of an asteroid hitting the earth in December 2032 at 3.1%—which is 3,100 times more likely than an organization resolving an enforcement action with the U.S. Department of Health and Human...more
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently imposed a $1.5 million civil money penalty against Warby Parker, Inc., a manufacturer and online retailer of eyewear, for...more
Recent federal enforcement actions have brought home the lesson that there’s really no acceptable reason for denying a patient timely access to medical records. Last year, for example, the HHS Office for Civil Rights (OCR)...more
Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more
December 2024 was an active month for the U.S. Department of Health and Human Services ("HHS"), Office for Civil Rights ("OCR"). OCR announced (i) a $1.19 million civil monetary penalty ("CMP") against Gulf Coast Pain...more
On October 31, 2024, the U.S. Department of Health and Human Services (“HHS”), Office of Civil Rights (“OCR”) announced a $500,000 settlement with Plastic Surgery Associates of South Dakota (“PSA”) concerning potential...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
On February 6, 2024, the HHS Office for Civil Rights (“OCR”) announced a settlement with Montefiore Medical Center (“MMC”) for alleged HIPAA Security Rule violations and MMC agreed to pay $4.75 million and enter into a...more
Ideal for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy offers practitioners a deeper understanding of effective compliance management in a healthcare setting. The...more
As we reflect on the flurry of activity in the health care data privacy and security space in 2023 and look ahead to what will continue to be a busy 2024, we are seeing the early stages of federal agency movement to align the...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
Is your organization a business associate? You could be subject to enforcement action if you fail to protect health information within your control from ransomware attacks. In October, for the first time, the U.S....more
October has been a busy month for the OCR, which is tasked with enforcing the regulations issued under HIPAA. In the past week, the OCR released two new guidance documents aimed at reducing the privacy and security risks...more
Designed for professionals with some compliance knowledge and experience, HCCA’s Healthcare Privacy Compliance Academy is ideal for practitioners who want a deeper understanding of effective compliance management in a...more
The Federal Trade Commission and the U.S. Department of Health and Human Services' Office for Civil Rights are cautioning hospitals and telehealth providers about the privacy and security risks related to the use of online...more
Learning Objectives - Discover the 10 recommended cybersecurity practices from HICP - Understand how the existing resources in place - Ensuring proper compliance between 405(d) and HIPAA regulations...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
Spring and summer have been busy seasons in the data privacy and security space. Here are some recent health updates to keep you up to speed...more
Report on Patient Privacy 22, no. 5 (May, 2022) - Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and...more
Our one-day Regional Compliance Conferences provide attendees with a forum to interact with local compliance professionals, share information about your compliance successes and challenges, and create educational...more