In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]
On January 5, 2021, President Trump signed into law legislation approved by the House Energy and Commerce Committee known as HR 7898. HR 7898, now law, requires the Department of Health and Human Services (HHS) to incentivize a covered entity’s or business associate’s cybersecurity best practices. Under this legislation, HHS, when deciding whether to issue a fine, or undertake an audit, must take into account whether [...]
Recent legislation approved by the House Energy and Commerce Committee known as HR 7898 would require the Department of Health and Human Services (HHS) to incentivize a covered entity’s or business associate’s HIPAA cybersecurity best practices. Under this legislation, HHS, when deciding whether to issue a fine, would take into account whether an organization has been using recognized HIPAA cybersecurity best practices to comply with the HIPAA Security [...]
The HHS’ OCR continues to step up its enforcement surrounding the HIPAA right of access, announcing its eleventh right of access fine this year. More details on the OCR right of access fine are discussed below. Dr. Rajendra Bhayani Hit with Latest OCR Right of Access Fine Dr. Rajendra Bhayani, an otolaryngologist that runs a private practice in Rego Park, NY, has agreed to pay a [...]
With just three organizations fined by the HHS’ Office for Civil Rights (OCR) in October, the month’s HIPAA fines reached $1.7 million. More details on October HIPAA fines are discussed. October HIPAA Fines: Aetna Life Insurance Company Fined $1 Million Oct 28, 2020 - Aetna Life Insurance Company enters into a settlement with the HHS regarding three separate breaches over a six month period, affecting 18,602 patients. [...]
The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]
Athens Orthopedic Clinic PA has agreed to settle with the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) for its widespread noncompliance with HIPAA. More details about the HIPAA settlement are discussed below. Why Did OCR Investigate Athens Orthopedic? On June 26, 2016, Athens Orthopedic was contacted by a journalist who had found a database of their protected [...]
The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]
Novartis, a pharmaceutical company, agreed to a $678 million healthcare settlement with the Department of Justice (DOJ). Novartis was accused of violating the Anti-Kickback Statute (AKS) and False Claims Act (FCA) by having healthcare providers attend and speak at events to entice providers to prescribe Novartis to their patients. The details of the healthcare settlement are discussed below. What Did Novartis Do [...]
The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) posts breaches affecting 500 or more patients to their online breach portal. The “wall of shame” permanently lists these breaches for public view. July healthcare breaches listed on the site affected 1,123,850 patients. Is your organization secure? Find out now with our HIPAA compliance checklist. July Healthcare Breaches and Hacking/IT Incidents The majority of July [...]
