1.5 Million Patients Affected by February Healthcare Breaches

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) reported 39 February healthcare breaches, affecting 1,531,855 patients. Of the reported incidents, there were 26 breaches due to hacking/IT incidents, 6 breaches from the unauthorized access/disclosure of protected health information (PHI), 3 breaches due to theft, 2 breaches due to loss, and 2 breaches due to improper disposal of PHI. Do you have an effective HIPAA [...]

2020-03-24T17:36:19-04:00March 25th, 2020|

HIPAA Settlement Reached with Gastroenterological Sole Practitioner

The Department of Health and Human Services’ (HHS) Office for Civil rights (OCR) issued the first HIPAA settlement for 2020. Steven A. Porter, M.D., a gastroenterological sole practitioner, has agreed to pay $100,000 to the OCR for HIPAA violations. On November 21, 2013, Steven A. Porter, M.D. filed a breach report with the OCR claiming that their business associate (BA), Elevation43, was withholding the Practice’s electronic protected health information [...]

2020-03-12T12:24:11-04:00March 3rd, 2020|

Leap Year Law and the HIPAA Breach Notification Deadline

Is there such a thing as a leap year law? Once every four years (e.g., 2000, 2004, 2008, 2012), there is a February 29th. Years with this extra calendar date are, of course, called leap years. The existence of an extra day in a year can change a legal deadline. This year, because there is an extra day, February 29, the breach notification deadline for reporting certain breaches to [...]

2020-02-19T15:50:09-05:00February 5th, 2020|

PHI Protection for 50 Years After Death

Protected health information (PHI) is any individually identifying health information classified by the Department of Health and Human Services (HHS) into 18 identifiers, such as name, date of birth, address, payment information, treatment information, etc. The Health Insurance Portability and Accountability Act (HIPAA) mandates that organizations that work with PHI have safeguards in place in the form of administrative, technical, and physical, to protect PHI. Safeguarding PHI is extremely [...]

2020-01-21T16:37:23-05:00January 20th, 2020|

West Georgia Ambulance Pays $65K fine for HIPAA Violations

The Office for Civil Rights of the Department of Health and Human Services has saved an announcement of HIPAA penalties for literally the day before the end of 2019. On December 30, through a press release, OCR announced it has entered into a resolution agreement with West Georgia Ambulance, Inc. on December 23. The agreement requires West Georgia to pay a fine in the amount of $65,000. What HIPAA [...]

2020-01-06T16:30:23-05:00January 2nd, 2020|

HIPAA Enforcement

There are significant consequences for breaking the HIPAA laws. The HIPAA Rule is enforced through several methods.  The most common method of HIPAA enforcement is actions of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). State attorneys general may also conduct HIPAA enforcement. How Does HIPAA Enforcement Work? HIPAA enforcement takes place on both the federal government and state government level. The Department of [...]

2020-01-06T10:22:13-05:00December 17th, 2019|

$2.175 Million HIPAA Fine Issued for Improper Breach Notification

In its’ most recent HIPAA settlement, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) issued a $2.175 million HIPAA fine to Sentara Hospitals. The HIPAA settlement stemmed from a breach in April 2017 that affected 577 patients. In addition to the fine, Sentara Hospitals has agreed to adhere to corrective action plans, to be submitted to HHS for approval. Would you pass a HIPAA [...]

2020-01-02T17:07:00-05:00December 2nd, 2019|

Updated HHS SRA Tool Issued

In 2011, the Department of Health and Human Services (HHS), the federal agency for enforcing HIPAA, issued a Security Risk Assessment (SRA) tool through its Office for Civil Rights (OCR). In 2019, after several updates, OCR is offering its newest updated HHS SRA tool, version 3.1. The updated HHS SRA Tool contains several features that the prior tools did not contain. What is the Updated HHS SRA Tool? The [...]

2020-01-02T11:32:45-05:00November 18th, 2019|

Texas Health and Human Services Commission Fined $1.6 Million by OCR

The Texas Health and Human Services Commission (TX HHSC) is a Texas government state agency. Its charge is to improve the health, safety and well-being of Texans with good stewardship of public resources. TX HHSC, which is part of the broader Texas Health and Human Services system, which: Operates state supported living centers; Provides mental health and substance abuse services; Regulates child care and nursing facilities; and Administers programs [...]

2019-12-31T11:46:57-05:00November 8th, 2019|

$3 Million HIPAA Settlement Reached for Lack of Device Encryption

The Office for Civil Rights (OCR) issued a press release on November 5, 2019 discussing a $3 million HIPAA settlement reached with the University of Rochester Medical Center (URMC). URMC filed two separate breach reports in 2013 and 2017, both in reference to unencrypted devices that stored protected health information (PHI). The healthcare breaches stemmed from the loss of an unencrypted flash drive and the theft of an unencrypted [...]

2019-12-31T11:35:14-05:00November 7th, 2019|