On September 7, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights issued an announcement containing disaster preparedness and recovery guidance in advance of Hurricane Irma. The announcement underscores key privacy and security issues for entities covered by HIPAA to help them protect individuals’ health information before, during and after emergency situations.
Continue Reading OCR Releases Guidance on HIPAA Compliance During Emergencies

The U.S. Department of Health and Human Services’ Office for Civil Rights and the Health Care Industry Cybersecurity Task Force have published important materials addressing cybersecurity in the health care industry. This blog entry provides highlights on these materials.
Continue Reading OCR and Health Care Industry Cybersecurity Task Force Publish Cybersecurity Materials

On April 24, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had entered into a resolution agreement with CardioNet, Inc., stemming from gaps in policies and procedures uncovered after CardioNet reported breaches of unsecured electronic protected health information.
Continue Reading Wireless Provider Reaches $2.5 Million Settlement with OCR

On April 12, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Metro Community Provider Network that stemmed from MCPN’s lack of a risk analysis and risk management plan that addressed risks and vulnerabilities to protected health information.
Continue Reading OCR Settlement Underscores Importance of Risk Analysis and Risk Management

On February 1, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights announced a 3.2 million dollar civil monetary penalty against Children’s Medical Center of Dallas for alleged ongoing violations of the HIPAA Privacy and Security Rules, following two consecutive breaches of patient ePHI.
Continue Reading OCR Issues Penalty for Noncompliance with HIPAA Privacy and Security Rules

On August 4, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Advocate Health Care Network over alleged HIPAA violations. The multimillion dollar settlement with Advocate is the largest settlement to date against a single covered entity.
Continue Reading OCR Settles Largest HIPAA Violation Against a Single Covered Entity