HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
PIH Health, a health care entity located in California, suffered a data breach in June 2019 when 45 employee email accounts were compromised in a targeted phishing campaign. The accounts contained the protected health...more
The saga that led Children’s Hospital Colorado to accept a fine of more than $500,000 imposed by the HHS Office for Civil Rights (OCR) began on July 11, 2017, when a physician’s email account containing details on 3,300...more
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
Regulatory action and class action lawsuits related to pixels and other website technologies continued to surge in 2023 and 2024, particularly in the healthcare industry....more
Ransomware attacks are a growing threat in the health care sector due to the value of personal health information (PHI). In addition to being expensive, these attacks can cripple health care operations, delay patient care,...more
On June 20, 2024, the Northern District of Texas issued its final order in American Hospital Association, et al. v. Becerra, et al. (AHA), granting the plaintiffs’ (the American Hospital Association, two Texas health systems...more
Online tracking technologies are used by healthcare and hospital systems throughout the United States to analyze their website traffic, personalize content, and provide relevant information to website visitors, some of whom...more
The U.S. Department of Health and Human Services, Office of Civil Rights (OCR) recently updated its controversial, year-old guidance document on the use of online tracking technologies by healthcare providers and other...more
On April 1, 2024, CMS released new guidance to reiterate and clarify hospital requirements for informed consent from patients with respect to medical professionals performing sensitive examinations, especially for patients...more
When the U.S. Department of Health and Human Services, Office for Civil Rights (HHS OCR) issued its guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” on Dec. 1, 2022 Original...more
2024 is shaping up to be a very active year for regulatory and enforcement developments in the healthcare industry – developments that concern not just hospitals and nursing facilities, but many non-healthcare companies as...more
2023 marked 20 years since the first compliance deadline under the Health Insurance Portability and Accountability Act’s (“HIPAA”) privacy rule. Despite the two decades of experience with HIPAA, compliance continues to remain...more
On November 20, 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced an $80,000 HIPAA settlement with Saint Joseph’s Medical Center (“SJMC”) in New York State. The...more
Hospitals care about patient privacy, but they also have to connect with the public. In the real world, people mostly connect online. Having a fully functional online presence often requires help from third parties. ...more
On July 20, 2023, the Department of Health and Human Services (DHHS) through the Office of Civil Rights (OCR) and the Federal Trade Commission (FTC) issued a joint letter to hospitals and telehealth providers alerting them to...more
Are you a health care provider, business associate, or other entity subject to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) regarding the use and disclosure of protected health...more
The Federal Trade Commission and the U.S. Department of Health and Human Services' Office for Civil Rights are cautioning hospitals and telehealth providers about the privacy and security risks related to the use of online...more
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of...more
Report on Patient Privacy 22, no. 8 (August, 2022) - The Department of Justice (DOJ) seized around $500,000 in Bitcoin ransom paid by two health care organizations in Kansas and Colorado to North Korean ransomware actors...more
The Compliance Institute is celebrating 25 years! Join us for the Compliance Institute's 25th anniversary, April 19-22, 2021. This year, HCCA is excited to celebrate over two decades of compliance excellence with our...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
Halloween or HIPAA: Which is Scarier? HIPAA and the Pandemic - Telehealth: - On Friday, March 20, 2020, OCR announced it will “exercise its enforcement discretion and will not impose penalties for noncompliance with...more
In this week’s episode, Rebecca Schaefer and Hannah Maroney discuss a string of recent HIPAA enforcement actions which demonstrate that the HHS Office of Civil Rights (OCR), the agency tasked with enforcing HIPAA, is...more
Recent guidance from the Office for Civil Rights and the Centers for Medicare and Medicaid Services reiterates that existing privacy laws and emergency preparedness standards provide an effective framework for providers...more
Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more