On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health information of 206,695 individuals.

According to the press release, “this marks the first ransomware agreement OCR has reached.”  The facts underlying

On May 17, 2023, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement with MedEvolve, Inc. for $350,000. MedEvolve provides practice and revenue cycle management and practice analytics software services to health care entities. The settlement resulted from MedEvolve’s alleged violation of the Health Insurance Portability and Accountability

On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.”

The OCR’s investigation began after NED submitted a breach report stating that

“empty specimen containers with protected health information on

HIPAA requires covered entities and business associates to report to the Office for Civil Rights (OCR) all breaches of unsecured protected health information when the incident involves fewer than 500 individuals no later than 60 days following the calendar year in which the breach occurred.

This year, the deadline for reporting breaches that occurred in

The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care

Last week, Diabetes, Endocrinology & Lipidology Center Inc. (DELC) of West Virginia reached a $5,000 settlement with the Office for Civil Rights (OCR) over  allegations that it failed to provide timely access to a patient’s health records.   The OCR alleged that DELC waited more than two years to send a minor’s medical records to their

The Office for Civil Rights (OCR) this week announced a settlement with Peachstate Health Management LLC (aka AEON Clinical Laboratories) following a compliance review that uncovered alleged violations of HIPAA.

The settlement includes a $25,000 payment to OCR by Peachstate, a corrective action plan, and three years of monitoring by OCR.

OCR initiated a compliance

Continuing its serious march against covered entities not allowing patients access to their records, the Office for Civil Rights (OCR) has settled two more cases in two days in its Right of Access Initiative. This brings the tally of OCR’s settlements to a total of 18.

The 17th settlement, with The Arbour, Inc., d/b/a Arbour

Renown Health, P.C. (Renown), a non-profit health system in Nevada, settled with the U.S. Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services in a matter resulting from an enforcement action for a potential violation of patients’ access rights under the OCR’s Health Insurance Portability and Accountability Act of 1996