Tag Archives: Privacy Rule

OCR Releases Guidance on HIPAA Compliance During Emergencies

On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.… Continue Reading

OCR Settlement Emphasizes Importance of Audit Controls

On February 16, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Memorial Healthcare System that emphasized the importance of audit controls in preventing breaches of protected health information. The 5.5 million dollar settlement with Memorial is the fourth enforcement action taken by OCR in 2017, and matches the largest civil monetary ever imposed against a single covered entity.… Continue Reading

HHS Announces HIPAA Settlement with UMass

On November 22, 2016, the Department of Health and Human Services announced a $650,000 settlement with University of Massachusetts Amherst, resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. … Continue Reading

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading

HHS Settles Case Involving Unattended Medical Records

On June 23, 2014, the Department of Health and Human Services announced a resolution agreement and 800,000 USD settlement with Parkview Health System, Inc. following a complaint involving patient medical records that were left unattended on a physician’s driveway. … Continue Reading

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Today marks the deadline for compliance with the HIPAA Omnibus Rule that was issued in January 2013. Covered entities, business associates and subcontractors that access, use or disclose protected health information should ensure that they meet the new compliance requirements outlined in this post.… Continue Reading

HHS Releases Model Notices of Privacy Practices

This week, the Department of Health and Human Services' Office for Civil Rights, in conjunction with the Office of the National Coordinator for Health Information Technology, released model Notices of Privacy Practices.… Continue Reading

HHS Settles with Shasta Regional Medical Center

On June 13, 2013, the Department of Health and Human Services announced a resolution agreement and 275,000 dollar settlement with Shasta Regional Medical Center in connection with impermissible disclosures of protected health information to the media, as well as to Shasta’s entire workforce.… Continue Reading
LexBlog