Reading the 5th: What the Recent Fifth Circuit HIPAA Case Means to You

The Department of Health and Human Services’ (HHS) Office for Civil Rights enforces HIPAA compliance by imposing civil monetary penalties (CMPs) on HIPAA covered entities for violations of the HIPAA Privacy and Security Rules. Practices may appeal the monetary determination in civil court. Almost all appeals to date have been unsuccessful. Almost. On January 14, 2021, the United States Court of Appeals for the Fifth Circuit (“5th Circuit”) [...]

2022-05-06T14:44:08-04:00February 3rd, 2021|

2020 Violations of the HIPAA Privacy and Security Rules

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]

2022-05-06T14:44:10-04:00January 20th, 2021|

HIPAA Cybersecurity Best Practices Incentivized in New Bill

On January 5, 2021, President Trump signed into law legislation approved by the House Energy and Commerce Committee known as HR 7898. HR 7898, now law, requires the Department of Health and Human Services (HHS) to incentivize a covered entity’s or business associate’s cybersecurity best practices. Under this legislation, HHS, when deciding whether to issue a fine, or undertake an audit, must take into account whether [...]

2022-05-06T14:38:16-04:00January 7th, 2021|

HIPAA Cybersecurity Best Practices Incentivized in Proposed Bill 

Recent legislation approved by the House Energy and Commerce Committee known as HR 7898 would require the Department of Health and Human Services (HHS) to incentivize a covered entity’s or business associate’s HIPAA cybersecurity best practices. Under this legislation, HHS, when deciding whether to issue a fine, would take into account whether an organization has been using recognized HIPAA cybersecurity best practices to comply with the HIPAA Security [...]

2022-05-06T14:38:16-04:00December 21st, 2020|

OCR Right of Access Fine Announcement

The HHS’ OCR continues to step up its enforcement surrounding the HIPAA right of access, announcing its eleventh right of access fine this year. More details on the OCR right of access fine are discussed below.  Dr. Rajendra Bhayani Hit with Latest OCR Right of Access Fine Dr. Rajendra Bhayani, an otolaryngologist that runs a private practice in Rego Park, NY, has agreed to pay a [...]

2022-02-16T10:44:33-05:00November 13th, 2020|

October HIPAA Fines Reach $1.7 Million

With just three organizations fined by the HHS’ Office for Civil Rights (OCR) in October, the month’s HIPAA fines reached $1.7 million. More details on October HIPAA fines are discussed. October HIPAA Fines: Aetna Life Insurance Company Fined $1 Million Oct 28, 2020 - Aetna Life Insurance Company enters into a settlement with the HHS regarding three separate breaches over a six month period, affecting 18,602 patients. [...]

2022-02-16T10:44:33-05:00November 12th, 2020|

September OCR Fines Reach $10.7 Million

The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]

2020-11-16T09:02:38-05:00October 1st, 2020|

$1.5 Million OCR Fine Issued for Widespread Noncompliance with HIPAA

Athens Orthopedic Clinic PA has agreed to settle with the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) for its widespread noncompliance with HIPAA. More details about the HIPAA settlement are discussed below. Why Did OCR Investigate Athens Orthopedic? On June 26, 2016, Athens Orthopedic was contacted by a journalist who had found a database of their protected [...]

2020-11-16T09:02:40-05:00September 22nd, 2020|

OCR Issues Guidance for Mobile Health App Developers

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]

2021-12-17T16:28:27-05:00September 14th, 2020|

$678 Million Healthcare Settlement Reached with Novartis

Novartis, a pharmaceutical company, agreed to a $678 million healthcare settlement with the Department of Justice (DOJ). Novartis was accused of violating the Anti-Kickback Statute (AKS) and False Claims Act (FCA) by having healthcare providers attend and speak at events to entice providers to prescribe Novartis to their patients. The details of the healthcare settlement are discussed below. What Did Novartis Do [...]

2021-01-14T13:23:47-05:00August 26th, 2020|