The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now
Office of Civil Rights
Diagnostic Medical Imaging Company Pays $3 Million to Resolve Potential HIPAA Violations Stemming from Data Breach
By Jean Tomasco on
Posted in Data Breach, HIPAA and Health Information
The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the…
OCR Announces $125,000 Settlement for Disclosure of Patient Information to Reporter
By Deborah George on
The United States Department of Health & Human Services, Office of Civil Rights (OCR) announced a settlement this week with Allergy Associates of Hartford, P.C. whereby Allergy Associates agreed to pay $125,000 to resolve a HIPAA violation complaint that alleged the covered entity impermissibly disclosed the complainant’s Protected Health Information (PHI) to an unauthorized third…
OCR Issues Guidance on Disposing Electronic Data and Media
By Linn Foster Freedman on
In its July newsletter on cybersecurity, the Office for Civil Rights (OCR) released “Guidance on Disposing of Electronic Devices and Media,” which outlines the requirements health care providers and business associates have regarding the security of electronic data and media under the HIPAA Security Rule.
The newsletter reminds health care providers and business associates that…
Lessons Learned from Recent OCR HIPAA Audits
By Virginia McGarrity & Alisha Sullivan on
Posted in HIPAA and Health Information, Uncategorized
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results…
The Biggest Health Care Data Breaches in 2017
By Linn Foster Freedman on
Posted in Health Information Privacy
Health Data Management (HDM), using information compiled by Protenus Breach Barometer, published a list this week of the biggest health care data breaches so far in 2017.
The list used data accessible on the Office for Civil Rights website regarding self-reported breaches by health care entities. According to HDM, approximately 200 data breaches affecting more…
Orleans Medical Clinic Notifies 6,890 Patients of Data Breach
By Linn Foster Freedman on
Posted in Data Breach
Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process of notifying the affected patients whose information was exposed. According to Orleans, when it upgraded its server, its…
Record HIPAA Settlement Paid by Hospital Chain
By Brian Wheelin on
Federal regulators announced last week that Illinois’ largest hospital chain would pay $5.5 million, a record payment under the Health Insurance Portability and Accountability Act (HIPAA), in connection with three 2013 data breaches that affected the protected health information of millions of its patients. The Advocate Health Care Network, which manages twelve hospitals and hundreds…