As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security
Articles Discussing HIPAA.
Florida Healthcare Provider Faces $1.19M HIPAA Penalty Following Independent Contractor Breach
A healthcare provider delivering pain management services in Florida and other states faces a $1.19 million civil monetary penalty from the U.S.
HIPAA Reproductive Health Care PHI Rules: Compliance Date Approaching
HIPAA Privacy Rules Get a Post-Dobbs Refresh on Reproductive Health Care
Employers will soon see the national debate about abortion popping up in some unexpected places: the HIPAA privacy policies and procedures and notices of privacy practices they use for their health benefit plans.
New HIPAA Final Rule Imposes Added Protections for Reproductive Health Care Privacy
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things,
Federal Regulators Unveil Revised Final Guidance for Healthcare Cybersecurity and HIPAA Compliance
On February 14, 2024, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a new, final version of their guidance for regulated healthcare entities to follow to improve cybersecurity and compliance with the Health Insurance
Downstream Breaches Cause Headaches for Healthcare Providers, as State AG Seeks Law Change to Require AG Notification
For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office of Civil Rights (OCR), potentially the media and other entities.
AI, Phishing Attacks, Healthcare, and a $480,000 OCR Settlement under HIPAA
Phishing has long been a favorite tactic for threat actors (hackers) to commence a cyberattack. The rapid expansion of more adaptable and available artificial intelligence (AI) technologies, such as natural language processing and large language models, now fuels more ferocious phishing campaigns. The effects are being felt in many industries,
HHS Releases Cybersecurity Concept Paper: HIPAA Changes Coming
Sanction Policies Can Help Drive Cybersecurity and HIPAA Compliance, OCR Says
Many HIPAA covered entities and business associates struggle with developing and implementing a sanctions policy. What should it say, is zero-tolerance required, do we have to impose discipline in every case, etc. These are examples of frequent and thorny questions that arise in connection with the development and implementation of
OCR Official Speaks About Compliance Concerns for HIPAA Covered Entities and Business Associates
What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR) which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of
ChatGPT and HIPAA, Caution is Needed, Even ChatGPT Says So!
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a physician letter to your carrier concerning a claim. You also may have
$240,000 HIPAA Settlement With OCR Due to Snooping Security Guards
It is not the first time we have written about complaints, OCR settlements, and even jail time following snooping by hospital employees into patient records. For example, as COVID raged, an investigation showed that for approximately 10 months ending in February, 2021, an employee at a California state hospital improperly
Failure to Follow OCR HIPAA Technical Assistance Results in $15,000 Settlement for Small Provider
We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such enforcement action, the OCR investigated a complaint made against a psychotherapist concerning the alleged refusal to
Websites: A Growing Compliance Concern – CCPA, HIPAA, Accessibility, State Laws…(Updated)
Websites play a vital role for organizations. They facilitate communication with consumers, constituents, patients, employees, donors, and the general public. They project an organization’s image and promote goodwill, provide information about products and services and allow for their purchase. Websites also inform investors about performance, enable job seekers to view