The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA “Rights to Access” Initiative (Initiative), which OCR had stated would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under
OCR
Size Doesn’t Matter for OCR Enforcement Actions
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion.
On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community…
OCR Issues Guidance About Media Access to Health Care Facilities
These days, news stations are frequently running stories concerning people being treated for COVID-19, the providers working tirelessly to care for them, and politicians visiting health care facilities for a first-hand look at the crisis. In response to the media interest, the Office for Civil Rights (OCR) issued guidance on May 5, 2020 to healthcare…
OCR Issues Additional Guidance on HIPAA for Providers and First Responders on COVID-19 Front Lines
On March 24, 2020, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued new HIPAA guidance to help providers and first responders in its efforts to combat the COVID-19 pandemic.
OCR’s guidance addresses when HIPAA allows disclosures without patient authorization of identifying health information to first responders – such…
COVID-19: HHS Issues FAQs on HIPAA and Telehealth to Help Providers Maintain Access to Care During the Pandemic
On March 20, the U.S. Department of Health and Human Services (HHS) issued additional guidance in the form of Frequently Asked Questions (FAQs) on HIPAA and telehealth services to help providers furnish care during the COVID-19 pandemic.
The FAQs follow and provide further information on the Notification of Enforcement Discretion issued by HHS…
Department of Health & Human Services Office for Civil Rights Issues Guidance Regarding HIPAA Privacy and Novel Coronavirus
The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now…
Yearly Data Breach Reporting Due to OCR by February 29
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500 individuals and have not already been self-reported within 60 days following the calendar year. That means that covered entities are required…
OCR Announces Second $85,000 Settlement for Alleged Violations of the Individual Right of Access under HIPAA
On December 12, 2019, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced its second “HIPAA Right of Access Initiative” settlement of alleged HIPAA violations.
The HIPAA Right of Access Initiative is a new effort in 2019 by OCR to monitor compliance with HIPAA requirements addressing patient rights to promptly…
Misdirected Hospital Bills Lead to $2.175 Million HIPAA Settlement
On November 27, 2019, the U.S. Department of Health & Human Services Office for Civil Rights (OCR) announced a $2.175 million dollar settlement with a hospital system to resolve alleged violations of HIPAA’s Breach Notification Rule and Privacy Rule. The settlement is noteworthy as it represents OCR’s fourth HIPAA settlement in excess of $1 million…
Texas Health and Human Services Fined $1.6 Million for HIPAA Violations
The Office for Civil Rights (OCR) announced that it has fined the Texas Health and Human Services Commission (TXHHS) $1.6 million for HIPAA violations. This is one of the few fines the OCR has levied against a state agency.
The fine centers around a data breach that TXHHS self-reported to the OCR in June 2015…