The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has renewed its focus on two critical areas of HIPAA compliance: risk analysis and individual right of access. These enforcement...more
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate...more
On October 31, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) embraced the end of Spooky Season by announcing two more ransomware-related enforcement actions. ...more
In 2019, the U.S. Department of Health & Human Services, Office for Civil Rights (OCR) announced its Right of Access Initiative, promising to prioritize patients’ rights to receive timely copies of their medical...more
In recent weeks, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) has announced 12 resolution agreements settling alleged violations of the HIPAA rules. Covered entities and business...more
Making quite the statement on July 15, 2022, the Office for Civil Rights (OCR) announced in a press release that it had recently settled an additional 11 cases under its Right to Access Initiative. These settlements bring the...more
OCR Cracks Down on Healthcare Providers in Right to Access Initiative - “For too long, healthcare providers have slow-walked their duty to provide patients their medical records out of a sleepy bureaucratic inertia. We...more
Continuing its serious march against covered entities not allowing patients access to their records, the Office for Civil Rights (OCR) has settled two more cases in two days in its Right of Access Initiative. This brings the...more
Recent regulatory and enforcement developments in the area of access to patient information create significant new risks for radiology providers. In particular, imaging providers should pay close attention to these...more
Elizabeth Barry Heddleston Associate Now is a great time for healthcare providers to assess their compliance with HIPAA’s right of access requirements. Not only is this a hot area of enforcement, patients’ rights to access...more
The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most...more
The Office of Civil Rights (OCR) continues to take seriously all allegations of violations of the HIPAA right of access to patient medical records. As discussed in a previous blog, the OCR is enforcing patient rights by...more
Health care technology has seen an incredible amount of change over the past twelve months. As health care providers and entities continue to provide patient care in unprecedented times, it is becoming increasingly important...more
2020 was an active year for HIPAA regulatory activity by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). In this article, we take a look at some of the HIPAA highlights from 2020 and...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) has announced a flurry of enforcement actions in the last quarter of 2020 as part of its Right of Access Initiative....more
On December 17, 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its Industry Report on the HIPAA audits it conducted in 2016 and 2017. OCR found widespread noncompliance with...more
Thanks to a federal judge, the Office for Civil Rights has modified its rules for sending records to third parties. Covered entities are no longer required by HIPAA to send non-electronic protected health information (“PHI”)...more
SDNY Rejects Standing under “Increased Risk” Theory Where Data Not Targeted or Stolen - The Southern District of New York rejected a settlement that would have resolved a class action based on the unauthorized (and...more
Access to healthcare information (or lack thereof) has always been touted as one of the key factors/necessities to realizing the promise of technology in the delivery of healthcare. Despite various legislative, judicial,...more
Most health care providers are aware that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its accompanying negotiations provide for the privacy and security of patients’ health care...more