Tag Archives: Security Rule

Wireless Provider Reaches $2.5 Million Settlement with OCR

On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.… Continue Reading

HHS Announces HIPAA Settlement with UMass

On November 22, 2016, the Department of Health and Human Services announced a $650,000 settlement with University of Massachusetts Amherst, resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. … Continue Reading

OCR Settles Largest HIPAA Violation Against a Single Covered Entity

On August 4, 2016, the U.S. Department of Health and Human Services' Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.… Continue Reading

OCR Enters into First Enforcement Action Against Business Associate

On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.… Continue Reading

Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and … Continue Reading

HHS Releases Guidance on Health Apps and HIPAA Security Rule Crosswalk

Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.… Continue Reading

HIPAA Settlement Emphasizes Importance of Risk Analyses

On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics. … Continue Reading

HHS Announces Pre-Audit HIPAA Surveys

The Department of Health and Human Services Office for Civil Rights recently announced that it intends to survey up to 1,200 covered entities and business associates to determine their suitability for a more fulsome HIPAA compliance audit.… Continue Reading

HIPAA Omnibus Rule Compliance Deadline Has Arrived

Today marks the deadline for compliance with the HIPAA Omnibus Rule that was issued in January 2013. Covered entities, business associates and subcontractors that access, use or disclose protected health information should ensure that they meet the new compliance requirements outlined in this post.… Continue Reading
LexBlog