Terminated Employee’s Unauthorized Access to PHI Leads to Latest HIPAA Fine

In a record-breaking year for HIPAA fines, the HHS doesn’t seem to be slowing down. The HHS announced that they have reached a settlement with the City of New Haven, Connecticut for HIPAA violations. The HIPAA violation occurred as a result of the New Haven Health Department's failure to revoke access to their systems after terminating an employee. More details about the unauthorized access to PHI and settlement [...]

November 2nd, 2020

3 Breaches, 6 Months & A $1 Million Fine: Aetna Reaches OCR Settlement for HIPAA Violations

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) has reached a $1,000,000 settlement with health insurer Aetna. Aetna agreed to pay this fine and to adopt a two-year corrective action plan (CAP), as a result of its having committed three HIPAA violations in a six-month period. This settlement is the 14th that OCR has entered into in 2020. More settlements have [...]

October 29th, 2020

And the Right of Access Fines Keep Coming…

OCR announced the eighth right of access fine issued this year. St. Joseph’s Hospital and Medical Center was fined $160,000 for failing to comply with the HIPAA right of access. More details on the right of access fine are discussed below. St. Joseph’s Hospital and Medical Center Right of Access Fine On April 25, 2018 the Department of Health and Human Services’ (HHS) [...]

October 8th, 2020

September OCR Fines Reach $10.7 Million

The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]

October 1st, 2020

OCR Issues $6.8 Million Fine for HIPAA Noncompliance

Premera Blue Cross (PBC) is a not-for-profit covered entity and business associate. PBC is also an independent licensee of the Blue Cross Shield Association, and serves as the largest health insurance provider in the Pacific Northwest, covering over 2 million people. PBC was the victim of a May, 2014 data breach, caused by a cyberattack. The cyberattack, which came in the form of an advanced persistent threat (APT) [...]

September 25th, 2020

Healthcare Hack Leads to $2.3 Million OCR Settlement

In April of 2014, CHSPSC’s information system was hacked. The healthcare hack ended up affecting 6.1 million individuals, exposing their protected health information. As a result, CHSPSC has agreed to settle numerous HIPAA Security Rule violations with OCR. More details are discussed below. CHSPSC, LLC (“CHSPSC”) provides business associate services, including IT and health information management, to hospitals and physician clinics affiliated [...]

September 24th, 2020

$1.5 Million OCR Fine Issued for Widespread Noncompliance with HIPAA

Athens Orthopedic Clinic PA has agreed to settle with the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) for its widespread noncompliance with HIPAA. More details about the HIPAA settlement are discussed below. Why Did OCR Investigate Athens Orthopedic? On June 26, 2016, Athens Orthopedic was contacted by a journalist who had found a database of their protected [...]

September 22nd, 2020

OCR Issues Guidance for Mobile Health App Developers

The Department of Health and Human Services’ (HHS) Office for Civil Rights recently issued guidance on when HIPAA applies to health information that a patient creates, manages, or organizes through the use of a health app. The guidance also covers the issue of when mobile health app developers might need to comply with the HIPAA Rules. When are Mobile Health App Developers [...]

September 14th, 2020

OCR Enforcement Discretion for Business Associate PHI Use

The Department of Health and Human Services’ (HHS) Office for Civil Rights, as part of a broad response to support federal and state health authorities and emergency operations centers who need access to COVID-19-related data, has announced it will exercise additional COVID-19-related enforcement discretion. The OCR enforcement discretion is discussed below. What Enforcement Discretion Will be Exercised? Previously, OCR announced it would exercise its [...]

September 1st, 2020

OCR HIPAA Guidance: COVID-19 Plasma Donation

To clear up previously released guidance, the Office for Civil Rights (OCR) released new guidance regarding contacting recovered COVID-19 patients for plasma donation. The OCR HIPAA guidance reinforces the allowance of covered entities to contact recovered patients. OCR HIPAA Guidance: Contacting Recovered COVID-19 Patients In June, OCR HIPAA guidance was released stating that HIPAA covered entities are permitted to contact recovered COVID-19 patients [...]

August 28th, 2020