The new report from Proofpoint not only provides further evidence of a correlation between cyberattacks and increased patient mortality but also suggests healthcare organizations are better prepared and more resilient against security incidents. In 2018, Dr. Sung Choi...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has proposed an update to the HIPAA Privacy Rule to strengthen protections for reproductive health care data and bolster patient-provider confidentiality. The proposed update is in response to...

The Secretary of the Department of Health and Human Services will not be renewing the COVID-19 Public Health Emergency (PHE), which is set to expire at 11:59 pm on May 11, 2023. That means the four Notices of Enforcement Discretion issued by the HHS’ Office for Civil...

The Department of Health and Human Services’ Office for Civil Rights received more than 51,000 complaints in 2022 about violations of the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health...

In July 2019, members of the workforce at Aveanna Healthcare were targeted with more than 600 phishing emails from an unknown source, attempting to trick the recipients into disclosing login credentials and other sensitive information. Many of the phishing emails were...

In January 2021, an amendment to the HITECH Act was enacted by Congress that required the Secretary of the Department of Health and Human Services to consider the “Recognized Security Practices” that have been implemented by a HIPAA-regulated entity when making...

A hacking incident reported by Oklahoma State University – Center for Health Sciences (OSU-CHS) in January 2018 was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) which identified violations of 7 provisions of the...

The HHS’ Office for Civil Rights has announced it has resolved 11 more cases involving violations of the HIPAA Right of Access. 10 of the cases were settled with OCR, and one Civil Monetary Penalty was imposed due to the lack of cooperation with OCR and the failure to...

President Biden has issued an Executive Order on Protecting Access to Reproductive Healthcare Services following the Supreme Court decision that overturned Roe v. Wade. According to the Supreme Court, there is no right to abortion in the Constitution of the United...

Two U.S. senators have written to Xavier Becerra, Secretary of the Department of Health and Human Services, requesting a change to the HIPAA Privacy Rule in the wake of the decision of the Supreme Court (SCOTUS) in Dobbs v. Jackson Women’s Health Organization and the...

The HHS’ Office for Civil Rights (OCR) has recently issued guidance on HIPAA and explained how HIPAA protects the privacy of individuals’ reproductive health information following the decision of the U.S. Supreme Court in Dobbs v. Jackson Women's Health Organization,...

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 introduced new breach reporting requirements for HIPAA-regulated entities and called for the Secretary of the Department of Health and Human Services to create a mechanism for...

Hundreds of U.S. hospitals may be violating the Rules of the Health Insurance Portability and Accountability Act (HIPAA) by including the Meta Pixel tool on their websites, according to an investigation conducted by The Markup/STAT. The revelation has also sparked a...

A new version of the HHS Security Risk Assessment (SRA) Tool has been jointly developed by the Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR). A...

In January 2021, the Health Information Technology for Economic and Clinical Health (HITECH) Act was amended (under Public Law 116-321) to require the Department of Health and Human Services to take any recognized security practices into account when investigating...

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) is seeking public comment on the HITECH Act requirements for sharing HIPAA penalties with harmed individuals and the implementation of the HIPAA Safe Harbor for entities that adhere to...

The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first HIPAA fines of 2022 – Two enforcement actions to resolve HIPAA Right of Access violations and two for impermissible PHI disclosures. No financial penalties were...

HHS' Office for Civil Rights (OCR) Director Lisa J. Pino is urging HIPAA-regulated entities to improve their cybersecurity posture in 2022 following a year of increased hacking activity and data breaches. There are no indications that the hacking attempts will fall in...

The Department of Health and Human Services’ Office for Civil Rights has enforced compliance with the Health Insurance Portability and Accountability Act (HIPAA) more aggressively in recent years. While there was a downturn in enforcement actions in 2021, the number...

The bipartisan Health Data Use and Privacy Commission Act has been introduced to bring HIPAA and health data privacy laws into the modern age and ensure that the use of emerging technologies does not put health data at risk. HIPAA was signed into law in 1996 at a time...

Xavier Becerra, Secretary of the U.S. Department of Health and Human Services, has renewed the COVID-19 public health emergency for a further 90 days. Earlier this month, the American Hospital Association (AHA) wrote to Becerra to request an extension to the public...

The Department of Health and Human Services’ Office for Civil Rights has issued guidance for healthcare providers on how the Health Insurance Portability and Accountability Act (HIPAA) applies to disclosures of protected health information (PHI) to support...

The state of New Jersey has imposed another financial penalty to resolve violations of the Health Insurance Portability and Accountability Act (HIPAA) and the New Jersey Consumer Fraud Act, its third penalty in as many months. Regional Cancer Care Associates will pay...

The HHS’ Office for Civil Rights has settled 4 more investigations into potential HIPAA Right of Access violations and has imposed one civil monetary penalty for the failure to provide timely access to medical records. The HIPAA Privacy Rule introduced several new...

New Jersey has fined two printing companies $130,000 over an impermissible disclosure of the protected health information (PHI) of almost 56,000 New Jersey residents in 2016. The fine is part of a settlement reached between Acting Attorney General Andrew J. Bruck and...

The introduction of vaccine mandates in many places of work has led many people to question how the Health Insurance Portability and Accountability Act (HIPAA) Rules apply to disclosures of COVID-19 vaccination information. There are a number of misconceptions about...