Patient medical record access guidance has been issued by the Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC). The HIPAA Privacy Rule permits patients to obtain copies of their health information from...

The healthcare industry is under attack from hackers and malicious insiders. Systems are being compromised at a greater rate than ever before. Last year saw record numbers of HIPAA breaches reported to OCR and the trend has continued in 2017. This year looks like it...

The recent ransomware attacks and healthcare IT security incidents have driven the Department of Health and Human Services’ Office for Civil Rights to release a reminder to covered entities about HIPAA Rules on security breaches. In its May 2017 Cyber Newsletter, OCR...

Iliana Peters, Office for Civil Rights Senior Advisor for HIPAA Compliance and Enforcement, has given an update on OCR’s enforcement activities in a recent Health Care Compliance Association ‘Compliance Perspectives’ podcast. OCR reviews all data breaches involving...

The Trump administration has revealed its 2018 fiscal budget with the Department of Health and Human Services’ Office for Civil Rights (OCR) and Office of the National Coordinator for Health Information Technology (ONC) both facing major cuts to their operational...

St. Luke’s-Roosevelt Hospital Center Inc., has paid OCR $387,200 to resolve potential HIPAA violations identified during an OCR investigation of a complaint about a disclosure of PHI without permission. In September 2014, OCR was informed of a potential privacy...

Following the recent WannaCry ransomware attacks, the Department of Health and Human Services’ Office for Civil Rights (OCR) was particularly active. OCR sent out warnings, updates, and threat information related to WannaCry ransomware. OCR also took the attacks as an...

A $2.4y m settlement has been agreed by Memorial Hermann Health System with the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle potential HIPAA Privacy Rule violations  The settlement arises from an impermissible disclosure on an...

A class action lawsuit has been filed following an allegation claiming that telemedicine company MDLive violated the privacy of patients by releasing sensitive medical information to a third party without informing, or obtaining consent from, subscribednpatients. App...

CardioNet, a Pennsylvania-based provider of remote mobile monitoring and rapid response services to patients at risk for cardiac arrhythmias, has agreed a $2.5 million settlement to resolve potential HIPAA violations. Compensation settlements have, in the past been,...

Patient records held by the New York Organ Donor Network must be turned over to a plaintiff, and that the request cannot be denied based on HIPAA, following a ruling made by a New York Supreme Court Judge. Patrick McMahon claims he was removed from his role of...

A legal action has been taken action against a Denver, CO-based federally-qualified health center (FQHC), by Department of Health and Human Services’ Office for Civil Rights (OCR) for security management process failures that contributed to the organization...

Indications are that 2017 will be another record breaking year for healthcare data violations. Results for the first quarter of 2017 show data breaches have risen, with rises in theft incidents, hacks and unauthorized disclosures. Last year was a very bad year for...

The Kentucky-based 6-hospital health organization Med Center Health has reported a data violation affecting around 160,000 patients. Med Center Health believes a former staff member may have stolen patients’ protected health information (PHI) prior to leaving their...

Following the appointment of Roger Severino as head of OCR many human rights organizations have expressed concern over  due to the views he views regarding transgender people and same-sex marriages. Mr Severino has written a number of reports in which he has expressed...

Former civil rights trial attorney Roger Severino has been appointed by The Department of Health and Human Services’ Office for Civil Rights has a new leader by The Trump Administration. Mr Severino will lead the HIPAA enforcement efforts of the Office for Civil...

A medical physician at the Dr. O Medical and Wellness Center in San Antonio, Texas allegedly retaliated against a patient by posting a recorded video of the person wearing only underwear on Facebook and YouTube. The actions of the physician, which appear to be a clear...

With Phase 2 of the Department of Health and Human Services’ Office for Civil Rights HIPAA compliance audits now well underway, the American Health Information Management Association (AHIMA) has updated its HIPAA audit readiness toolkit. Late last year, covered bodies...

The Health Insurance Portability and Accountability Act (HIPAA) allows patients to access a copy of their medical records in electronic or paper form. In 2016, the Department of Health and Human Services released a series of videos and documentation to outline...

Horizon Blue Cross Blue Shield of New Jersey (Horizon BCBSNJ) has agreed to pay a $1.1 million fine for failing to protect the electronic protected health information of almost 690,000 plan members. The New Jersey Division of Consumer Affairs made the announcement of...

The official deadline for reporting 2016 healthcare data breaches which impacted fewer than 500 people is March 1, 2017. The Health Insurance Portability and Accountability Act’s Breach Notification Rule states that all covered bodies must report breaches of unsecured...

The Department of Health and Human Services’ Office for Civil Rights (OCR), equaling last year’s record HIPAA settlement with Advocate Health, announced that a $5.5 million settlement had been agreed with Florida-based Memorial Healthcare Systems to settle potential...

In January 2017, the Department of Health and Human Services’ Office for Civil Rights issued a communication to covered entities in relation to the late reporting of data breaches following the announcement of a settlement with Chicago-based healthcare network...

The Children’s Medical Center of Dallas has paid a civil monetary penalty of $3.2 million to resolve multiple HIPAA violations spanning several years. The Department of Health and Human Services’ Office for Civil Rights (OCR) made the announcement revealing the fine...

Covenant HealthCare has advised more than 6,000 patients that their electronic medical records were inappropriately accessed by one of its staff members. The improper access was identified during a November 2016 review of EMR access logs. The audit revealed an unusual...

The first HIPAA settlement of 2017 has been announced by the Department of Health and Human Services’ Office for Civil Rights (OCR). This is also the first settlement to date specifically based on an unnecessary delay to breach notification after the exposure of...

MAPFRE Life Assurance Company of Puerto Rico – A subsidiary of MAPFRE S.A., of Spain – has agreed a $2.2 million settlement, with the U.S. Department of Health and Human Services’ Office for Civil Rights, to resolve potential noncompliance with the Health Insurance...

During her campaign to become Republican state senator for Virginia in 2015, Henrico County physician Siobhan Dunnavant, M.D., impermissably used patients’ contact information – classed as protected health information under HIPAA Rules – to garner donations from...

HIPAA settlements reached record highs in 2016. This is in part due to the Department of Health and Human Services’ Office for Civil Rights increasing its enforcement activities in recent years. In total, payments of $22,855,300 were made to OCR in 2016 to resolve...