2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer
settlements
OCR Active with Settlements and Enforcement Actions in November and Early December
By Linn Foster Freedman on
Posted in HIPAA and Health Information
The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate cases of alleged HIPAA violations. The settlements include resolution agreements and civil monetary penalties.
One of the settlements and…
Lessons Learned from Recent OCR HIPAA Audits
By Virginia McGarrity & Robinson+Cole's Data Privacy + Cybersecurity Team on
Posted in HIPAA and Health Information, Uncategorized
Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results…