settlements

OCR Enters into Two More Settlements for Failure to Conduct Security Risk Assessments

By Linn Foster Freedman on July 10, 2025

The Office for Civil Rights (OCR) entered into two recent settlements with covered entities alleging that they failed to conduct security risk assessments. The settlements indicate that OCR will continue to aggressively regulate potential violations of the Health Insurance Portability and Accountability Act (HIPAA), particularly for failure to conduct risk assessments.

Deer Oaks

On July 7…

Northeast Radiology Settles with OCR

By Linn Foster Freedman on April 17, 2025

Posted in Health Information Privacy

The Office for Civil Rights (OCR) announced on April 10, 2025, that it has settled alleged HIPAA Security Rule violations with Northeast Radiology for $350,000.

The investigation followed a breach report by Northeast Radiology to OCR in March 2020 after unauthorized individuals accessed radiology images stored in PAC servers. Northeast Radiology notified 298,532 patients of…

A Year in Privacy and Security: Privacy Violations, Large-Scale Data Breaches, and Big Fines and Settlements

By Kathryn Rattigan on January 2, 2025

Posted in Enforcement + Litigation

2024 was a year chock-full of data breaches and privacy violations. Many new data privacy and cybersecurity regulations were introduced (and became effective), and regulators sent a strong message to businesses that privacy must be at the forefront of their strategy and goals and that robust security controls are required to protect employee and consumer…

OCR Active with Settlements and Enforcement Actions in November and Early December

By Linn Foster Freedman on December 12, 2024

Posted in HIPAA and Health Information

The Office for Civil Rights of the Department of Health and Human Services (OCR) was busy negotiating and settling enforcement actions in November and early December. Since October 31, 2024, the OCR has settled five separate cases of alleged HIPAA violations. The settlements include resolution agreements and civil monetary penalties.

One of the settlements and…

Lessons Learned from Recent OCR HIPAA Audits

By Virginia McGarrity & Robinson+Cole's Data Privacy + Cybersecurity Team on January 9, 2018

Posted in HIPAA and Health Information, Uncategorized

Covered entities, including employer sponsored health plans, should brace for audits and enforcement of the Privacy, Security, and Breach Notification rules by the Department of Health & Human Service Office of Civil Rights (OCR) following OCR’s recent announcement of a large HIPAA settlement last month on the heels of its release of the preliminary results…

Data Privacy + Cybersecurity Insider