The Department of Health and Human Services Office for Civil Rights (OCR) announced this week that it has settled the largest health care data breach for the largest enforcement fine in history. OCR settled the massive data breach Anthem suffered in 2015 for $16 million—a substantially larger fine than any others assessed by OCR for
Office for Civil Rights
July Worst Month in 2018 for Health Care Data Breaches Reported to OCR
Data breaches continue to plague the health care industry, and July 2018 was the worst month so far this year in the number of data breaches reported to the Office for Civil Rights (OCR). Thirty-three data breaches were reported by covered entities and business associates in July, with the largest one reported by UnityPoint Health,…
OCR Prevails with ALJ Against MD Anderson for $4.3 Million in HIPAA Fines and Penalties
It is a rare occurrence when a health care entity challenges the Office for Civil Rights (OCR) regarding proposed fines and penalties for HIPAA violations. In my memory, it has only happened once before.
On June 1, 2018, an Administrative Law Judge (ALJ) granted summary judgment in favor of the OCR against The University of…
Paper Records Still Problematic for Health Care Providers
Data breaches continue to be an issue for health care providers, as indicated when looking at breaches reported to the Office for Civil Rights (OCR), as required by HIPAA. In the first three months of 2018, there were 77 breaches of protected health information (PHI) reported to OCR, which included more than one million patient…
473,807 Patient Records Compromised in January, 2018—83 Percent Caused by Hacking Incidents
The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were…
Dumpster Diving Leads to $100,000 Fine for Defunct Business Associate Due to Improper Disposal of Medical Records
On February 13, 2018, the HHS Office for Civil Rights (OCR) announced a $100,000 settlement with a court-appointed receiver representing Filefax, Inc. (Filefax) arising from the 2015 discovery of medical records that contained protected health information (PHI) of over two thousand individuals in a dumpster. Filefax, a now-defunct medical records moving and storage company located…
OCR Warns of Cyber Extortion and Provides Checklist
In its January newsletter, the Office for Civil Rights (OCR) focused on cyber extortion, which it stated has “risen steadily over the past couple of years and continue to be a major source of disruption for many organizations.” Since the health care industry has been the target of cyber extortion attacks, the OCR is…
Fresenius Pays OCR $3.5M for Five Separate Data Breaches Affecting a Total of 521 Individuals
In the first settlement for HIPAA violations in 2018, Fresenius Medical Care North America (Fresenius) has agreed to pay $3.5 million to the Office for Civil Rights (OCR) to settle allegations against it relating to five data breaches that occurred over a four-month period in 2012. Interestingly, the five separate breaches affected the information…
Health Care Organizations Saw an 89% Increase in Ransomware in 2017
Our experience last year is consistent with the conclusion of a new report issued by Cryptonite in its 2017 Health Care Cyber Research Report—that the number of hacking events targeted at health care entities involving ransomware increased a whopping 89% from 2016.
The report analyzed the self-reporting database of the Office for Civil Rights…
OCR Warns Health Care Industry of Risks with Previous Employees
In its November newsletter, the Office for Civil Rights (OCR) made a great point that we are seeing in the industry—the risks associated with previous employees. According to its newsletter, entitled “Insider Threats and Termination Procedures,” the OCR states “Data breaches caused by current and former workforce members are a recurring issue across…