In addition to holiday celebrations, the month of December typically ushers in a final round of enforcement actions by the U.S. Department of Health and Human Services' (HHS) Office of Civil Rights (OCR), and 2024 is no...more
President Ronald Reagan famously quipped, "I think you all know that I've always felt that the nine most terrifying words in the English language are: I'm from the Government, and I'm here to help."1 At an Oct. 23-24, 2024,...more
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently published an executive summary (Report) outlining key enforcement activities of the Health Insurance Portability and...more
Nearly two months after settlement was reached, the Department of Health and Human Services Office for Civil Rights (HHS OCR) announced on Feb. 6 that it obtained a resolution agreement with Montefiore Medical Center over...more
Privacy and cybersecurity is at the forefront of everyone’s mind these days and, in 2018, the Office for Civil Rights (“OCR”) settled ten cases and prevailed in another before an Administrative Law Judge to the tune of...more
More than three years ago, Anthem, Inc. reported to the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) that it suffered a cyber attack compromising the protected health information of nearly 79...more
In its monthly Cybersecurity Newsletter at the end of May, the Office of Civil Rights (OCR) of the United States Department of Health and Human Services pointedly reminds us of the need to be conscious of some fundamental...more
The May 2018 cyber security newsletter from the U.S. Department of Health and Human Services Office for Civil Rights (OCR) focused on a topic often overlooked by covered entities and their business associates: physical...more
On this blog, we have discussed the criticality of risk analyses – the assessment required by the Security Rule of the “risks and vulnerabilities” that an organization faces with respect to all of its electronic protected...more
HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more
Last week, the Department of Health and Human Services’ Office for Civil Rights (OCR) provided guidance for HIPAA covered entities and business associates that use or want to use cloud computing services involving protected...more
If company executives are discussing the terms listed above, then their company is likely to have experienced better days. However, if the executives are in the "C Suite" or are the Compliance Officer, Privacy Officer and/or...more
If your organization is a business associate of a HIPAA covered entity (such as a health care provider or employee health benefit plan), you should know that the Department of Health and Human Services' Office of Civil Rights...more
In September, 2015, OCR and HHS issued a press release announcing a Resolution Agreement with the Cancer Care Group, P.C., which included entry into the agreement, the adoption of a robust compliance plan, and the payment of...more
On September 2, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced a substantial settlement with an Indiana-based oncology group, Cancer Care Group, P.C. (CCG). Under the terms of...more
Where HIPAA and Meaningful Use intersect, does the newly released Meaningful Use Stage 3 proposed rule provide greater clarity or create more confusion? As discussed in our earlier advisory, the Meaningful Use Stage 3...more
Understanding the complexities of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules is often a challenge for health care providers and consumers. Recognizing the widespread...more