The Office for Civil Rights (OCR) recently announced another settlement involving investigations under its Right of Access Initiative. This settlement, the sixteenth such agreement under the Initiative (and one of the most interesting), involves San Diego-based Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers (SRMC). In the settlement, OCR alleged that it received a
Office for Civil Rights
Excellus Health Plan Pays $5.1M to OCR in Settlement Following Data Breach
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently announced that it had entered into a Resolution Agreement, Corrective Action Plan, and settlement with Lifetime Healthcare, Inc., the parent of Excellus Health Plan, over alleged violations of HIPAA relating to a data breach that occurred from December 23, 2013 through…
OCR Settles Another Right-of-Access Initiative Case
The Office for Civil Rights (OCR) issued a press release on November 12, 2020, announcing that it had settled its eleventh enforcement action in its HIPAA Right-of-Access Initiative. The settlement with Dr. Rajendra Bhayani, an otolaryngologist (ENT) practicing in Regal Park, New York, included a payment of $15,000, a corrective action plan and two years…
OCR’s Tenth Right to Access Settlement Is Small but Meaningful
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.
Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too…
OCR Settles with NY Spine for Failure to Provide Access to Records
Continuing its enforcement priority of assisting patients with obtaining access to their health records, the Office for Civil Rights (OCR) recently settled its ninth case with a covered entity that it alleged failed to provide proper access of health records to a patient.
NY Spine Medicine, a medical practice providing neurological and pain management series…
OCR Settles Five Investigations Under “Right of Access” Initiative
The Office for Civil Rights (OCR) announced yesterday that it has settled five investigations in its HIPAA “Rights to Access” Initiative (Initiative), which OCR had stated would be an enforcement priority for it starting in 2019. The Initiative is “to support individuals’ right to timely access to their health records at a reasonable cost under…
Size Doesn’t Matter for OCR Enforcement Actions
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion.
On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community…
COVID-19: HHS Issues FAQs on HIPAA and Telehealth to Help Providers Maintain Access to Care During the Pandemic
On March 20, the U.S. Department of Health and Human Services (HHS) issued additional guidance in the form of Frequently Asked Questions (FAQs) on HIPAA and telehealth services to help providers furnish care during the COVID-19 pandemic.
The FAQs follow and provide further information on the Notification of Enforcement Discretion issued by HHS…
Yearly Data Breach Reporting Due to OCR by February 29
Every year, we remind our readers that the HIPAA data breach notification regulations require covered entities to notify the Office for Civil Rights (OCR) of any reportable data breaches that involved fewer than 500 individuals and have not already been self-reported within 60 days following the calendar year. That means that covered entities are required…
Dental Practice Pays $10,000 Fine to OCR for Disclosing PHI on Social Media
Elite Dental Associates (Elite), located in Dallas, Texas has agreed to settle alleged HIPAA violations with the Office for Civil Rights (OCR) for $10,000.
The OCR alleged that it received a complaint from a patient in June of 2016 that Elite had disclosed the patient’s last name and details of the patient’s health condition on…