What Happens After a HIPAA Complaint is Filed?

Even when you do the best you can to comply with HIPAA regulations, violations and breaches may occur. Clients or patients may report what they think are violations, even when they’re not. What happens after a HIPAA complaint is filed? What rights do you have as a covered entity or business associate? And what is the worst-case scenario? Common Violation Examples – [...]

2023-11-03T14:14:21-04:00April 25th, 2022|

The Fines They Are A’Changin’: Lessons from 2021 HIPAA Fines

This year, the Department of Health and Human Services’ Office for Civil Rights (OCR) resolved 14 enforcement actions it had filed against healthcare providers, health plans, and clinical labs. OCR resolved all but one of these 13 through entering into a Settlement Agreement with the covered entity. In the remaining action, OCR imposed a civil monetary penalty on the provider. The lessons from 2021 HIPAA fines are three-fold: [...]

2023-08-08T15:54:39-04:00December 17th, 2021|

OCR Fines Village Plastic Surgery for Stretching HIPAA Right of Access Rule

In late March of 2021, the Department of Health and Services (HHS) Office for Civil Rights (OCR) settled with New Jersey-based Village Plastic Surgery (VPS) for a potential violation of the HIPAA right of access rule. The $30,000 settlement requires VPS to undergo a two-year corrective plan (CAP). The details of the settlement are discussed below. Village Plastic Surgery HIPAA Right of Access Rule Violation [...]

2023-07-28T13:54:41-04:00March 26th, 2021|

$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2023-07-28T13:58:16-04:00March 24th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2023-08-24T14:03:50-04:00February 12th, 2021|

2020 Violations of the HIPAA Privacy and Security Rules

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]

2023-10-27T11:53:58-04:00January 20th, 2021|

OCR 2020 and HIPAA Security Rule Violations

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Six of the fines announced in 2020 were principally issued for failure to comply with the HIPAA Security Rule’s requirement to conduct a security risk assessment and to track and inventory network devices. The message of OCR 2020: Keep patient records [...]

2023-10-27T12:15:46-04:00January 19th, 2021|

$5.1 Million Fine Announced for HIPAA Data Breach

The Department of Health and Human Services (HHS) Office for Civil Rights has entered into a settlement with the Excellus Health Plan, under which Excellus has agreed to pay $5.1 million and to enter into a corrective action plan. The settlement was prompted by an OCR investigation that found widespread noncompliance with provisions of the HIPAA Privacy and Security Rules. As a result of the noncompliance, the data [...]

2023-07-31T13:34:55-04:00January 15th, 2021|

OCR HIPAA Enforcement in 2021

OCR HIPAA enforcement in 2020 was focused on HIPAA right of access violations with 11 fines issued in 2020 citing this type of violation. Although right of access fines will likely continue, the OCR is bound to shift its focus in the year to come. OCR HIPAA enforcement in 2021 is discussed to provide healthcare organizations with guidance on what may be to come. OCR HIPAA Enforcement in [...]

2023-07-31T13:41:08-04:00January 12th, 2021|

HIPAA Fines 2020 Reached $13.5 Million

2020 was a year like no other in many ways. While the healthcare industry was arguably the most affected by the events of 2020, the Department of Health and Human Services (HHS) saw no need to slow down its enforcement efforts. This is evident by the fact that there were more HIPAA fines issued in 2020 than any year before. To provide healthcare organizations guidance on how to [...]

2023-07-31T13:48:01-04:00January 5th, 2021|