OCR Chief to Seek Changes to HIPAA Privacy Rule and Breach Enforcement

Roger Severino, director of the Office for Civil Rights (OCR) with enforcement powers over the HIPAA Privacy Rule and breach enforcement, announced he is looking to make some changes to both and will issue Notices of Proposed Rulemaking (NPRMs) and Requests for Information (RFIs) before proceeding. Specifically, he told a HIPAA meeting in Arlington, Va., […]

Read the rest of this entry »
GoTo top Top

HIPAA Violations Don’t End with the Closing of a Business, OCR Says

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Filefax, located in Northbrook, […]

Read the rest of this entry »
GoTo top Top

Firm Settles for $3.5 Million for 5 HIPAA Breaches

Fresenius Medical Care North America (FMCNA), which operates health care facilities throughout the nation, has settled for $3.5 million for a series of five breaches it reported in 2012. This was the first settlement of the year announced by the Office for Civil Rights (OCR), which enforces HIPAA breach violations. Headquartered in Waltham, Mass., FMCNA is […]

Read the rest of this entry »
GoTo top Top

OCR Issues Newsletter Warning about Cyber Threats to PHI

The Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) in January published a newsletter concerning cyber threats to entities storing PHI (protected health information), which is covered by the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). The newsletter begins by nothing that “Organizations […]

Read the rest of this entry »
GoTo top Top

HIPAA Allows Information Sharing with Loved Ones in Opioid Crisis, OCR Says

Following President Trump’s call to action that led to the declaration of a nationwide public health emergency regarding the opioid crisis, the HHS Office for Civil Rights (OCR) is releasing new guidance on when and how healthcare providers can share a patient’s health information with his or her family members, friends, and legal personal representatives […]

Read the rest of this entry »
GoTo top Top

HHS Improves HIPAA Breach Web Reporting Tool

The Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) have launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The […]

Read the rest of this entry »
GoTo top Top

OCR Releases Guidance on Protecting ePHI from Cyber Threats

The Office for Civil Rights (OCR), the entity within the Department of Health and Human Services (HHS) that enforces the Privacy, Security and Breach rules of HIPAA, has released new guidance advising covered entities and business associates on best practices for preventing and reporting cyber attacks. “Reporting and Monitoring Cyber Threats” advises companies that maintain […]

Read the rest of this entry »
GoTo top Top

Small Breach Notifications Due by March 1

HIPAA-covered entities must report small data breaches of protected health information (PHI) affecting fewer than 500 individuals to the Office for Civil Rights (OCR) by March 1.  The law allows for 60 days to elapse at the close of a calendar year before that year’s small breaches must be reported to OCR. When the breach […]

Read the rest of this entry »
GoTo top Top

OCR Trebles Its HIPAA Violations Fines in FY 2016

The Office for Civil Rights (OCR) shattered all monetary settlement records for violations of the HIPAA (Health Insurance Portability and Accountability Act) privacy, security and breach rules in the fiscal year ended this past Sept. 30, according to a study by the law firm McDermott Will & Emery. In fiscal 2016, OCR socked companies $25,6 million for HIPAA violations, […]

Read the rest of this entry »
GoTo top Top

$5.5M Settlement Largest Ever for a HIPAA Security Violation

Advocate Health Care Network (Advocate) has agreed to a settlement with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR), for multiple potential violations of the Health Insurance Portability and Accountability Act (HIPAA) involving electronic protected health information (ePHI). Advocate has agreed to pay a settlement amount of $5.55 million and […]

Read the rest of this entry »
GoTo top Top