Department of Health and Human Services

On February 1, 2018, the Department of Health and Human Services’ Office for Civil Rights announced a settlement with dialysis clinic operator, Fresenius Medical Care, for alleged lax security practices that led to breaches of protected health information.
Continue Reading HHS Announces $3.5 Million Settlement with Fresenius Medical Care

On December 6, 2017, health care provider 21st Century Oncology agreed to pay 2.3 million dollars to settle charges by the Department of Health and Human Services’ Office for Civil Rights that its security practices led to a data breach involving patient information.
Continue Reading Cancer Center Settles with HHS for $2.3 Million over Data Breach

On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.
Continue Reading OCR Releases Guidance on HIPAA Compliance During Emergencies

The U.S. Department of Health and Human Services’ Office for Civil Rights and the Health Care Industry Cybersecurity Task Force have published important materials addressing cybersecurity in the health care industry. This blog entry provides highlights on these materials.
Continue Reading OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

On May 10, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 2.4 million dollar civil monetary penalty against Memorial Hermann Health System for alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy Rule.
Continue Reading OCR Fines Texas Health System For Alleged HIPAA Privacy Rule Violation

On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.
Continue Reading Wireless Provider Reaches $2.5 Million Settlement with OCR

On April 12, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Metro Community Provider Network that stemmed from MCPN’s lack of a risk analysis and risk management plan that addressed risks and vulnerabilities to protected health information.
Continue Reading OCR Settlement Underscores Importance of Risk Analysis and Risk Management

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The 5.5 million dollar settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary ever imposed against a single covered entity.
Continue Reading OCR Settlement Emphasizes Importance of Audit Controls