OCR Budget Proposal Seeks More Money for Enforcement and Fines

The Department of Health and Human Services’ Office for Civil Rights (OCR) has added its two cents to the federal budget the President proposes and Congress approves each year. OCR has proposed that its budget for 2023 be increased by 55%, to a total of $60.2 million. What does OCR want to use the money for? A 64% increase in staffing. Which [...]

2022-05-20T16:54:28-04:00May 11th, 2022|

NY AG SHIELD UP! Vision Benefits Provider Settles Email Data Breach

In January of 2022, EyeMed Vision Care LLC, a New York vision benefits provider, settled an action brought by the New York State Attorney General against it for failing to implement adequate data security measures, including multifactor authentication, password management, and logging of email accounts.  These deficiencies resulted in a 2020 email data breach during which hackers accessed an EyeCare email account [...]

2022-05-06T17:03:39-04:00January 26th, 2022|

What’s the Civil Penalty for Unknowingly Violating HIPAA?

When a covered entity or business associate makes the HIPAA Wall of Shame for a significant breach or violation, it often results in huge fines. In some cases, the breaches and resulting fines resulted from organizations knowingly violating HIPAA regulations and just hoping they wouldn’t get caught. However, many violations and fines occur because people thought they were doing enough to be compliant. Do the regulators [...]

2022-05-06T17:03:40-04:00January 24th, 2022|

OCR HIPAA Investigation Leads to 20th Right of Access Fine

On September 10, 2021, the Department of Health and Human Services Office for Civil Rights (OCR) announced the issuance of another right of access fine. The OCR HIPAA investigation led to the twentieth right of access fine issued since the 2019 right of access enforcement initiative was announced. Children's Hospital & Medical Center OCR HIPAA Investigation In May 2020, the OCR received [...]

2022-05-06T14:43:58-04:00September 10th, 2021|

OCR Fines Village Plastic Surgery for Stretching HIPAA Right of Access Rule

In late March of 2021, the Department of Health and Services (HHS) Office for Civil Rights (OCR) settled with New Jersey-based Village Plastic Surgery (VPS) for a potential violation of the HIPAA right of access rule. The $30,000 settlement requires VPS to undergo a two-year corrective plan (CAP). The details of the settlement are discussed below. Village Plastic Surgery HIPAA Right of Access Rule Violation [...]

2022-05-06T14:44:03-04:00March 26th, 2021|

$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2022-05-06T14:44:03-04:00March 24th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2022-05-06T14:44:07-04:00February 12th, 2021|

Renown Health Fined $75,000 Under HIPAA Right of Access Initiative

Not-for-profit Nevada health system Renown Health, P.C., has agreed to pay $75,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access provision. The settlement is a product of HHS’ Right of Access Initiative. Under this initiative, OCR established cracking down on providers who fail to grant timely patient access to [...]

2022-05-06T14:44:07-04:00February 10th, 2021|

Reading the 5th: What the Recent Fifth Circuit HIPAA Case Means to You

The Department of Health and Human Services’ (HHS) Office for Civil Rights enforces HIPAA compliance by imposing civil monetary penalties (CMPs) on HIPAA covered entities for violations of the HIPAA Privacy and Security Rules. Practices may appeal the monetary determination in civil court. Almost all appeals to date have been unsuccessful. Almost. On January 14, 2021, the United States Court of Appeals for the Fifth Circuit (“5th Circuit”) [...]

2022-05-06T14:44:08-04:00February 3rd, 2021|

2020 Violations of the HIPAA Privacy and Security Rules

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]

2022-05-06T14:44:10-04:00January 20th, 2021|