HHS Issues Guidelines for Appropriate Use of Online Tracking Technology and HIPAA

Healthcare providers frequently use online tracking technologies - scripts or codes on a website or mobile app used to gather information about users as the users interact with the site or app. These technologies frequently have access to PHI. The Department of Health and Human Services (HHS) recently issued a guidance bulletin to raise awareness of the inappropriate use of online tracking technologies. [...]

2023-07-25T15:21:32-04:00December 7th, 2022|

OCR Budget Proposal Seeks More Money for Enforcement and Fines

The Department of Health and Human Services’ Office for Civil Rights (OCR) has added its two cents to the federal budget the President proposes and Congress approves each year. OCR has proposed that its budget for 2023 be increased by 55%, to a total of $60.2 million. What does OCR want to use the money for? A 64% increase in staffing. Which [...]

2023-07-27T09:18:48-04:00May 11th, 2022|

The Fines They Are A’Changin’: Lessons from 2021 HIPAA Fines

This year, the Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 14 enforcement actions it had filed against healthcare providers, health plans, and clinical labs. OCR resolved all but one of these 13 through entering into a Settlement Agreement with the covered entity. In the remaining action, OCR imposed a civil monetary penalty on the provider. The lessons from 2021 HIPAA fines are three-fold: [...]

2023-08-08T15:54:39-04:00December 17th, 2021|

OCR Settles 5 HIPAA Right of Access Complaints

On November 30, 2021, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of five HIPAA right of access investigations. OCR settled four right of access complaints, with providers in Ohio, Colorado, Oregon and North Carolina. OCR imposed a civil monetary penalty (CMP) on a fifth provider, a cardiologist in Long Island (New Hyde Park), New York. OCR imposed a penalty [...]

2023-07-27T15:51:12-04:00December 3rd, 2021|

HHS Increases Civil Monetary Penalties for HIPAA Violations

Under federal government logic, when the cost of living goes up, the amounts of monetary penalties for violations of certain federal laws must go up too. So, in November of 2021, the Department of Health and Human Services announced that it was raising the civil monetary penalties for each of the four tiers of HIPAA violations. The new dollar values are discussed below. [...]

2023-07-27T15:52:24-04:00December 1st, 2021|

Healthcare Groups Push Back on Proposal to Modify HIPAA Privacy Rule

In January of 2021, the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Notice) to modify the HIPAA Privacy Rule. HHS has proposed to modify the Privacy Rule right of access provision by (among other measures) requiring providers, at an individual’s request, to mail or electronically transmit PHI to or through the individual’s personal health application (PHA). HHS seeks to define PHAs as [...]

2023-07-28T13:21:07-04:00May 14th, 2021|

OCR Fraud Alert! Beware of This Postcard

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) enforces the HIPAA regulations through investigations, civil monetary penalties, and settlements. On April 26, 2021, OCR announced that it had been made aware of postcards being sent to healthcare organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment.” The postcards instruct recipients to send the risk assessment to [...]

2023-07-28T13:34:34-04:00April 27th, 2021|

$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2023-07-28T13:58:16-04:00March 24th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2023-08-24T14:03:50-04:00February 12th, 2021|

Renown Health Fined $75,000 Under HIPAA Right of Access Initiative

Not-for-profit Nevada health system Renown Health, P.C., has agreed to pay $75,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access provision. The settlement is a product of HHS’ Right of Access Initiative. Under this initiative, OCR established cracking down on providers who fail to grant timely patient access to [...]

2023-07-31T11:58:11-04:00February 10th, 2021|