News & Analysis as of

Office of Civil Rights Security Risk Assessments

Health Care Compliance Association (HCCA)

OCR Ends Year With Settlements That Tread Old Ground, Says New Rules Are Coming—Someday

If the penultimate enforcement settlement of 2023 issued by the HHS Office for Civil Rights (OCR) sounds familiar, that’s with good reason. And the last one of the year should ring some bells, too....more

Holland & Hart LLP

To BAA or Not to BAA: Must You Have One?

Holland & Hart LLP on

HIPAA applies to both covered entities (e.g., healthcare providers and health plans) and their business associates. A “business associate” is generally a person or entity that “creates, receives, maintains or transmits”...more

Foley Hoag LLP - Security, Privacy and the...

HHS OCR/ONC Announce Latest Version of Security Risk Assessment Tool

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) have released version 3.4 of their Security Risk Assessment...more

Mintz - Health Care Viewpoints

Are You Ready? How to Prepare for the End of OCR’s Public Health Emergency HIPAA Enforcement Discretion

In April, 2020, in an effort to facilitate a national pivot to telehealth in light of the COVID-19 Public Health Emergency (PHE), the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a policy...more

Foley & Lardner LLP

Key Findings & Takeaways from OCR HIPAA Audit Findings

Foley & Lardner LLP on

The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more

Jackson Lewis P.C.

OCR Releases Report Summarizing HIPAA Privacy And Security Compliance Failures

Jackson Lewis P.C. on

In the final days of 2020, the Office for Civil Rights (OCR) at the U.S. Health and Human Service (HHS) released a HIPAA Audits Industry Report (“the Report”), that could be quite helpful to covered entities and business...more

Rivkin Radler LLP

Anthem Agrees to $48 Million Multi-State Settlements Over 2014 Data Breach

Rivkin Radler LLP on

Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data...more

Troutman Pepper

FDA Launches Digital Center of Excellence and ONC Updates HIPAA Security Risk Assessment Tool

Troutman Pepper on

Why It Matters - In order to safeguard their information, health care and life science organizations should remain vigilant in monitoring DHCoE developments and initiatives, including any policy/regulation clarifications...more

Health Care Compliance Association (HCCA)

Under New Settlement, Ambulance Co. Pays OCR $65K, Must Quickly Encrypt Computers

Report on Patient Privacy 20, no. 1 (January 2020) - In the waning days of 2019, the HHS Office for Civil Rights (OCR) didn’t halt the HIPAA enforcement momentum it had built up during the last quarter of the year, dinging...more

Faegre Drinker Biddle & Reath LLP

Ambulance Company Agrees to $65,000 OCR Settlement for HIPAA Noncompliance

West Georgia Ambulance, Inc. (West Georgia) and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Service (HHS) entered into a $65,000 no-fault settlement agreement and two year corrective action...more

Foley & Lardner LLP

HIPAA: Failure to Report Breach Costs Hospital $2.175 Million

Foley & Lardner LLP on

One health system recently learned the cost of relying too heavily on the HIPAA Breach Notification Rule’s “low probability of compromise” standard when it failed to notify all affected individuals and report the HIPAA breach...more

Health Care Compliance Association (HCCA)

Report on Medicare Compliance Volume 28, Number 40. News Briefs - November 2019 #2

Report on Medicare Compliance Volume 28, Number 40. (November 11, 2019) - - In a new Medicare compliance review, the HHS Office of Inspector General (OIG) said Angels Care Home Health in Salina, Kansas, didn’t comply with...more

Health Care Compliance Association (HCCA)

Report on Patient Privacy Volume 19, Number 11. Privacy Briefs: November 2019

Report on Patient Privacy Volume 19, Number 11. (November 2019) ? The biggest threat to protected health information comes from carelessness within your organization, according to a brief from the Clearwater...more

Shumaker, Loop & Kendrick, LLP

Client Alert: The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What...

Health care providers and others who must comply with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) have specific requirements under the Security Rule to HIPAA when it comes to their mainte-nance...more

Robinson+Cole Data Privacy + Security Insider

Cottage Health Settles with OCR for $3M

We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $2 million for a security incident that occurred in 2013. On February 7,...more

Hogan Lovells

Recap of the OCR/NIST Conference on Safeguarding Health Information

Hogan Lovells on

Regulators provided key insights into enforcement trends and potential changes to HIPAA regulations at the 11th Annual “Safeguarding Health Information: Building Assurance Through HIPAA Security” conference in October...more

Baker Donelson

Changes to the Security Risk Assessment (SRA) Tool Require Attention

Baker Donelson on

The HHS Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) released an updated Security Risk Assessment (SRA) Tool this week. All covered entities and business...more

Foley Hoag LLP - Security, Privacy and the...

More on HIPAA Audits for 2016 and 2017–Desk Audits and On-Site Audits

As part of the ongoing HHS OCR HIPAA audit initiative, it is conducting “HIPAA desk audits.” These audits don’t involve auditors coming in your facility. Instead, covered entities are being asked to submit documents on...more

Alston & Bird

HIPAA Phase 2 Audits: What Has OCR Requested from Auditees to Date?

Alston & Bird on

In our April 8, 2016, advisory, we discussed the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) “Phase 2” audit program. Then, we could only make educated guesses about what documents OCR...more

Obermayer Rebmann Maxwell & Hippel LLP

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand...more

Robinson+Cole Data Privacy + Security Insider

HHS: Ransomware Attacks Likely HIPAA Breaches In Absence of Encryption

On July 11, 2016, the U.S. Department of Health & Human Services (HHS) issued a Fact Sheet that provides guidance on (i) how HIPAA Security Rule compliance can assist health care organizations combat ransomware attacks, and...more

Laner Muchin, Ltd.

Regulatory Authorities Launch The Second Phase Of The HIPAA Compliance Audit Program

Laner Muchin, Ltd. on

As a part of its continued efforts to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, the Health and Human Services (HHS) Office for...more

Morgan Lewis

OCR Begins HIPAA Phase 2 Audits

Morgan Lewis on

What covered entities and business associates can do to prepare for the next round of audits. On July 11, the HIPAA Phase 2 audits commenced when 167 covered entities received notice of a desk audit from the Department...more

Mintz - Health Care Viewpoints

“Your Money or Your PHI”: OCR Releases Guidance on Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) released important new guidance on ransomware for hospitals and other healthcare providers and finally addressed the question of whether electronic protected health...more

Lathrop GPM

Business Associate Settles HIPAA Investigation for $650,000

Lathrop GPM on

The U.S. Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA Privacy and Security rules, has just sent a strong message that business associates are not immune from scrutiny. On June 24, 2016, in a...more

33 Results
 / 
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide