On June 30, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with Catholic Health Care Services of the Archdiocese of Philadelphia. This is the first enforcement action OCR has taken against a business associate since the HIPAA Omnibus Rule was enacted in 2013.
Continue Reading OCR Enters into First Enforcement Action Against Business Associate

Recently, Aegerion Pharmaceuticals announced that it will enter into several settlements and plead guilty to two misdemeanors in connection with alleged violations of HIPAA, drug marketing regulations and securities laws. The criminal charges stem from the company’s marketing of a cholesterol drug called Juxtapid. Aegerion allegedly failed to comply with risk evaluation and management strategies and marketed Juxtapid (which is labeled with a warning about liver toxicity) without proper directions for use. 
Continue Reading Pharmaceutical Company to Plead Guilty and Settle Drug Marketing Charges

In March 2016, the Department of Health and Human Services announced resolution agreements with North Memorial Health Care of Minnesota and The Feinstein Institute for Medical Research over potential violations of the HIPAA Privacy Rule.
Continue Reading HHS Announces Settlements with Health Care System and Medical Research Institute over Potential HIPAA Violations

Recently, the U.S. Department of Health and Human Services Office for Civil Rights published guidance on the use of mobile health apps as well as a crosswalk that maps the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity Framework to the HIPAA Security Rule.
Continue Reading HHS Releases Guidance on Health Apps and HIPAA Security Rule Crosswalk

On January 5, 2016, the Federal Trade Commission announced that dental office management software provider, Henry Schein Practice Solutions, Inc., agreed to settle FTC charges that accused the company of falsely advertising the level of encryption it used to protect patient data.
Continue Reading FTC Settles with Dental Practice Software Provider over Charges of Misleading Consumers with Respect to Data Encryption

On December 14, 2015, the U.S. Department of Health and Human Services’ Office for Civil Rights announced that it had settled potential HIPAA Security Rule violations with the University of Washington on behalf of the university’s medical center, medical school and affiliated labs and clinics.
Continue Reading HIPAA Settlement Emphasizes Importance of Risk Analyses

On July 10, 2015, the House of Representatives passed the 21st Century Cures Act, which is intended to ease restrictions on the use and disclosure of protected health information for research purposes.
Continue Reading House of Representatives Passes Bill to Permit Broader Use and Disclosure of Protected Health Information for Research Purposes

On May 7, 2014, the Department of Health and Human Services announced that NewYork-Presbyterian Hospital and Columbia University agreed to pay 4.8 million dollars in the largest HIPAA settlement to date, to settle charges that they potentially violated the HIPAA Privacy and Security Rules.
Continue Reading HHS Announces 4.8 Million Dollar Settlement with New York Hospital and Medical School for Potential HIPAA Violations