OCR HIPAA Investigation Leads to 20th Right of Access Fine

On September 10, 2021, the Department of Health and Human Services Office for Civil Rights (OCR) announced the issuance of another right of access fine. The OCR HIPAA investigation led to the twentieth right of access fine issued since the 2019 right of access enforcement initiative was announced. Children's Hospital & Medical Center OCR HIPAA Investigation In May 2020, the OCR received [...]

2021-09-14T13:13:17-04:00September 10th, 2021|

ePHI Security Emphasized in HHS Summer Newsletter

Although the HHS has long stressed the importance of ePHI security, with the influx of healthcare breaches, it is clear that many organizations have not heeded the warning. With an increase in breaches across all industries, cybersecurity has become the focus of many government agencies including the HHS. Earlier this month the HHS published its “Summer 2021 Cybersecurity Newsletter” further emphasizing the importance of information access [...]

2021-07-30T13:26:38-04:00July 30th, 2021|

OCR Settles 19th HIPAA Right of Access Case

Since 2019, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has brought a number of enforcement actions against healthcare providers for their failure to comply with the HIPAA Privacy Rule’s right of access standard. This standard requires providers to give patients timely access to their medical records. Recently, OCR announced its 19th settlement under its 2019 right [...]

2021-06-08T12:09:37-04:00June 2nd, 2021|

OCR Fraud Alert! Beware of This Postcard

The Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) enforces the HIPAA regulations through investigations, civil monetary penalties, and settlements. On April 26, 2021, OCR announced that it had been made aware of postcards being sent to healthcare organizations informing the recipients that they are required to participate in a “Required Security Risk Assessment.” The postcards instruct recipients to send the risk assessment to [...]

2021-11-09T12:30:01-05:00April 27th, 2021|

$65,000 Right of Access Violation Settlement

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently announced its seventeenth settlement of an enforcement action under its HIPAA Right of Access Initiative. The Arbour, Inc., doing business as Arbour Hospital (Arbour), has agreed to pay $65,000 to settle a potential right of access standard violation. Arbor has also agreed to submit to a one-year corrective action plan (CAP). More details on the [...]

2021-03-24T16:33:35-04:00March 24th, 2021|

OCR Enforcement Discretion and COVID Vaccination

Since the release of the COVID-19 vaccine, healthcare organizations have scrambled to provide patients with timely vaccination. With the difficulties in scheduling vaccines, some providers have turned to non-traditional appointment scheduling platforms, such as Eventbrite. In an effort to ease vaccine initiatives, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced that, as of December 11, 2020, it will exercise enforcement discretion for [...]

2021-01-21T11:58:04-05:00January 21st, 2021|

2020 Violations of the HIPAA Privacy and Security Rules

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Two of the fines issued were hybrids - based on violations of the HIPAA Privacy and Security Rules in equal measure. These HIPAA fines are discussed below. Aetna and Violations of the HIPAA Privacy and Security Rules [...]

2021-01-21T12:11:47-05:00January 20th, 2021|

OCR 2020 and HIPAA Security Rule Violations

In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Six of the fines announced in 2020 were principally issued for failure to comply with the HIPAA Security Rule’s requirement to conduct a security risk assessment and to track and inventory network devices. The message of OCR 2020: Keep patient records [...]

2021-01-15T13:21:03-05:00January 19th, 2021|

$5.1 Million Fine Announced for HIPAA Data Breach

The Department of Health and Human Services (HHS) Office for Civil Rights has entered into a settlement with the Excellus Health Plan, under which Excellus has agreed to pay $5.1 million and to enter into a corrective action plan. The settlement was prompted by an OCR investigation that found widespread noncompliance with provisions of the HIPAA Privacy and Security Rules. As a result of the noncompliance, the data [...]

2021-01-15T16:56:23-05:00January 15th, 2021|

OCR Right of Access Fine Announcement

The HHS’ OCR continues to step up its enforcement surrounding the HIPAA right of access, announcing its eleventh right of access fine this year. More details on the OCR right of access fine are discussed below.  Dr. Rajendra Bhayani Hit with Latest OCR Right of Access Fine Dr. Rajendra Bhayani, an otolaryngologist that runs a private practice in Rego Park, NY, has agreed to pay a [...]

2020-11-16T09:02:28-05:00November 13th, 2020|