On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.
Continue Reading OCR Releases Guidance on HIPAA Compliance During Emergencies
Security Rule
OCR Releases Improved Data Breach Reporting Tool
On July 25, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced the release of an updated web tool that highlights recent data breaches of health information. …
Continue Reading OCR Releases Improved Data Breach Reporting Tool
OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials
The U.S. Department of Health and Human Services’ Office for Civil Rights and the Health Care Industry Cybersecurity Task Force have published important materials addressing cybersecurity in the health care industry. This blog entry provides highlights on these materials.
Continue Reading OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials
Wireless Provider Reaches $2.5 Million Settlement with OCR
On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.
Continue Reading Wireless Provider Reaches $2.5 Million Settlement with OCR
OCR Settlement Underscores Importance of Risk Analysis and Risk Management
On April 12, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Metro Community Provider Network that stemmed from MCPN’s lack of a risk analysis and risk management plan that addressed risks and vulnerabilities to protected health information. …
Continue Reading OCR Settlement Underscores Importance of Risk Analysis and Risk Management
OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules
On February 1, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 3.2 million dollar civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the HIPAA Privacy and Security Rules, following two consecutive breaches of patient ePHI.
Continue Reading OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules
HHS Announces HIPAA Settlement with UMass
On November 22, 2016, the Department of Health and Human Services announced a $650,000 settlement with University of Massachusetts Amherst, resulting from alleged violations of the Health Insurance Portability and Accountability Act of 1996 Privacy and Security Rules. …
Continue Reading HHS Announces HIPAA Settlement with UMass
HHS Releases Guidance on HIPAA and Cloud Computing
Earlier this month, the Department of Health and Human Services’ Office for Civil Rights issued guidance for HIPAA-covered entities that use cloud computing services involving electronic protected health information. …
Continue Reading HHS Releases Guidance on HIPAA and Cloud Computing
OCR Settles Largest HIPAA Violation Against a Single Covered Entity
On August 4, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.
Continue Reading OCR Settles Largest HIPAA Violation Against a Single Covered Entity
OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi
The U.S. Department of Health and Human Services’ Office for Civil Rights recently entered into resolution agreements with two large public health centers over alleged HIPAA violations.
Continue Reading OCR Settles Two HIPAA Cases with Public Health Centers in Oregon and Mississippi