HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
On October 2, 2024, New York adopted new regulations requiring general hospitals to implement heightened cybersecurity safeguards. General hospitals, as defined in Article 28 of the NY Public Health Law, generally must begin...more
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the...more
In the wake of the Supreme Court’s ruling in Dobbs vs. Jackson Women’s Health Organization, much has been written about how existing privacy laws, such as the Health Insurance Portability and Accountability Act (“HIPAA”), are...more
HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than...more
The fluid and fast-changing impact of the new coronavirus (COVID-19) has left institutions of higher education (IHEs) scrambling to address unexpected legal issues. This guidance addresses some of their more frequently asked...more
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500...more
Report on Patient Privacy 19, no. 12 (December 2019) - Sentara Hospitals, a nonprofit group of 12 medical centers in Virginia and North Carolina, will implement a fairly minimal two-year corrective action plan (CAP) and...more
One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more
Don’t forget that the required end-of-the-year reporting of any small breaches of unsecured protected health information (PHI) that were discovered in 2018 is coming up. Under the Health Insurance Portability and...more
Conducting HIPAA Breach Risk Assessments - The HIPAA rules relating to assessment of potential patient confidentiality breaches were changed in 2013. Specifically, on January 17, 2013, the Office of Civil Rights released...more
In the past several years, a huge increase has occurred in the number of electronic attacks in the United States using ransomware, a form of malware that targets and encrypts critical data and systems for the purpose of...more
Feb. 29, 2016, a/k/a Leap Day, is the date by which HIPAA covered entities must notify the U.S. Department of Health and Human Services Office for Civil Rights (OCR) of “small” breaches of unsecured protected health...more
Pursuant to HIPAA/HITECH, covered entities are required to report breaches of unsecured protected health information that occurred in 2015 and affected less than 500 individuals to the Office for Civil Rights no later than 60...more
The HIPAA Breach Notification Rule requires covered entities to notify the Secretary of the Department of Health and Human Services (HHS) if a breach of unsecured protected health information (PHI) is discovered. As most...more
The breach notification interim final rule requires covered entities to submit to the Office for Civil Rights (OCR) notice of breaches of unsecured protected health information (PHI) (45 C.F.R. 164.408) by March 1, 2013....more