$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2023-04-06T14:01:50-04:00March 24th, 2021|

AMCA Settles 2019 PHI Breach With 41 State Attorneys General

In 2019, the American Medical Collection Agency discovered that it was the victim of a data breach. Not just any data breach, though; the breach was the largest healthcare breach reported in 2019. AMCA, which operates in multiple states, informed states of the breach in June of 2019. A subsequent investigation led by the Attorneys General of Indiana, Texas, Connecticut and New York, led to a multistate lawsuit [...]

2023-04-06T14:01:53-04:00March 15th, 2021|

21st Century Oncology Settles HIPAA Data Breach Lawsuit

In late 2015, a cyberattacker accessed 21st Century Oncology’s (21CO) network database. As a result, 21CO was investigated by the Department of Health and Human Services’ (HHS) Office for Civil Rights. 21CO settled with HHS, however, a class action lawsuit was then filed against them. Details on the settlement and the HIPAA data breach lawsuit are discussed below. 21st Century Oncology and OCR Settlement [...]

2023-04-06T14:02:03-04:00February 18th, 2021|

Sharp HealthCare Pays $70,000 to Settle Potential Right of Access Violation

In February of 2021, Sharp HealthCare, doing business as Sharp-Rees Stealy Medical Centers (SRMC), paid $70,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access standard. The Sharp settlement has become OCR’s sixteenth settlement under OCR’s right of access initiative. Under this initiative that began in 2019, OCR continues to [...]

2023-04-06T14:02:05-04:00February 12th, 2021|

Renown Health Fined $75,000 Under HIPAA Right of Access Initiative

Not-for-profit Nevada health system Renown Health, P.C., has agreed to pay $75,000 to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to settle a potential violation of the HIPAA Privacy Rule right of access provision. The settlement is a product of HHS’ Right of Access Initiative. Under this initiative, OCR established cracking down on providers who fail to grant timely patient access to [...]

2023-04-06T14:02:07-04:00February 10th, 2021|

2020 Violations of the HIPAA Privacy and Security Rules

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]

2023-04-06T14:02:19-04:00January 20th, 2021|

OCR 2020 and HIPAA Security Rule Violations

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Six of the fines announced in 2020 were principally issued for failure to comply with the HIPAA Security Rule’s requirement to conduct a security risk assessment and to track and inventory network devices. The message of OCR 2020: Keep patient records [...]

2023-04-06T14:02:20-04:00January 19th, 2021|

$5.1 Million Fine Announced for HIPAA Data Breach

The Department of Health and Human Services (HHS) Office for Civil Rights has entered into a settlement with the Excellus Health Plan, under which Excellus has agreed to pay $5.1 million and to enter into a corrective action plan. The settlement was prompted by an OCR investigation that found widespread noncompliance with provisions of the HIPAA Privacy and Security Rules. As a result of the noncompliance, the data [...]

2023-04-06T14:02:22-04:00January 15th, 2021|

First OCR Settlement Agreement of 2021 Announced

It’s not surprising that OCR kicked off 2021 by announcing yet another right of access fine. The fourteenth fine issued under OCR’s right of access initiative was a $200,000 fine issued to Banner Health ACE. The OCR settlement agreement is discussed in detail below. Banner Health ACE OCR Settlement Agreement Banner Health affiliated covered entities (Banner Health ACE), a non-profit health system with 30 hospitals, and primary [...]

2023-04-06T14:02:23-04:00January 13th, 2021|

2020 Right of Access Enforcement

2020 has been an unenviable year of firsts and of worsts. Add to this another undesirable record-breaker. In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. 11 of the fines issued were for a failure to comply with the HIPAA Privacy Rule’s right of access. The message of OCR 2020 [...]

2023-04-06T14:02:25-04:00January 11th, 2021|