On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11
Office of Civil Rights
OCR Cybersecurity Newsletter Focuses on Controlling Access to ePHI
The Office of Civil Rights (OCR) of the U.S. Department of Health & Human Services recently issued its Summer 2021 Cybersecurity Newsletter, which focuses on controlling access to electronic personal health information (ePHI) and the HIPAA Security Rule standards. Citing to a recent report of security incidents and data breaches in the health care…
Department of Health & Human Services Office for Civil Rights Issues Guidance Regarding HIPAA Privacy and Novel Coronavirus
The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule during an outbreak or emergency situation such as what we are all facing right now…
Diagnostic Medical Imaging Company Pays $3 Million to Resolve Potential HIPAA Violations Stemming from Data Breach
The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the…
OCR Announces $125,000 Settlement for Disclosure of Patient Information to Reporter
The United States Department of Health & Human Services, Office of Civil Rights (OCR) announced a settlement this week with Allergy Associates of Hartford, P.C. whereby Allergy Associates agreed to pay $125,000 to resolve a HIPAA violation complaint that alleged the covered entity impermissibly disclosed the complainant’s Protected Health Information (PHI) to an unauthorized third…
OCR Issues Guidance on Disposing Electronic Data and Media
In its July newsletter on cybersecurity, the Office for Civil Rights (OCR) released “Guidance on Disposing of Electronic Devices and Media,” which outlines the requirements health care providers and business associates have regarding the security of electronic data and media under the HIPAA Security Rule.
The newsletter reminds health care providers and business associates that…
Lessons Learned from Recent OCR HIPAA Audits
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results…
The Biggest Health Care Data Breaches in 2017
Health Data Management (HDM), using information compiled by Protenus Breach Barometer, published a list this week of the biggest health care data breaches so far in 2017.
The list used data accessible on the Office for Civil Rights website regarding self-reported breaches by health care entities. According to HDM, approximately 200 data breaches affecting more…
Orleans Medical Clinic Notifies 6,890 Patients of Data Breach
Orleans Medical Clinic (Orleans) in Indiana has notified the Office for Civil Rights that the protected health information of 6,890 patients was compromised as a result of an upgrade to its server. Orleans is in the process of notifying the affected patients whose information was exposed. According to Orleans, when it upgraded its server, its…
Record HIPAA Settlement Paid by Hospital Chain
Federal regulators announced last week that Illinois’ largest hospital chain would pay $5.5 million, a record payment under the Health Insurance Portability and Accountability Act (HIPAA), in connection with three 2013 data breaches that affected the protected health information of millions of its patients. The Advocate Health Care Network, which manages twelve hospitals and hundreds…