In a record-breaking year for HIPAA fines, the HHS doesn’t seem to be slowing down. The HHS announced that they have reached a settlement with the City of New Haven, Connecticut for HIPAA violations. The HIPAA violation occurred as a result of the New Haven Health Department's failure to revoke access to their systems after terminating an employee. More details about the unauthorized access to PHI and settlement [...]
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) has reached a $1,000,000 settlement with health insurer Aetna. Aetna agreed to pay this fine and to adopt a two-year corrective action plan (CAP), as a result of its having committed three HIPAA violations in a six-month period. This settlement is the 14th that OCR has entered into in 2020. More settlements have [...]
OCR announced the eighth right of access fine issued this year. St. Joseph’s Hospital and Medical Center was fined $160,000 for failing to comply with the HIPAA right of access. More details on the right of access fine are discussed below. St. Joseph’s Hospital and Medical Center Right of Access Fine On April 25, 2018 the Department of Health and Human Services’(HHS) [...]
The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]
Premera Blue Cross (PBC) is a not-for-profit covered entity and business associate. PBC is also an independent licensee of the Blue Cross Shield Association, and serves as the largest health insurance provider in the Pacific Northwest, covering over 2 million people. PBC was the victim of a May, 2014 data breach, caused by a cyberattack. The cyberattack, which came in the form of an advanced persistent threat (APT) [...]
In April of 2014, CHSPSC’s information system was hacked. The healthcare hack ended up affecting 6.1 million individuals, exposing their protected health information. As a result, CHSPSC has agreed to settle numerous HIPAA Security Rule violations with OCR. More details are discussed below. CHSPSC, LLC (“CHSPSC”) provides business associate services, including IT and health information management, to hospitals and physician clinics affiliated [...]
Athens Orthopedic Clinic PA has agreed to settle with the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) for its widespread noncompliance with HIPAA. More details about the HIPAA settlement are discussed below. Why Did OCR Investigate Athens Orthopedic? On June 26, 2016, Athens Orthopedic was contacted by a journalist who had found a database of their protected [...]
The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]
The Department of Health and Human Services’ (HHS) Office for Civil Rights, as part of a broad response to support federal and state health authorities and emergency operations centers who need access to COVID-19-related data, has announced it will exercise additional COVID-19-related enforcement discretion. The OCR enforcement discretion is discussed below. What Enforcement Discretion Will be Exercised?Previously, OCR announced it would exercise its [...]
To clear up previously released guidance, the Office for Civil (OCR) released new guidance regarding contacting recovered COVID-19 patients for plasma donation. The OCR HIPAA guidance reinforces the allowance of covered entities to contact recovered patients. OCR HIPAA Guidance: Contacting Recovered COVID-19 Patients In June, OCR HIPAA guidance was released stating that HIPAA covered entities are permitted to contact recovered COVID-19 patients [...]
© 2023 Compliancy Group LLC. All Rights Reserved | Terms of Use | Privacy Policy
Become Compliant, Get The Seal!
