Archive for the ‘OCR’ Category

As a result of a single data breach of protected health information (PHI), albeit one affecting 79 million consumers, Anthem Inc. is now being fined $16 million by the government and owes an additional $115 million to those affected, who won a class action lawsuit that was approved by a judge this past August. The […]

Following comments made in March by Roger Severino, director of the Office for Civil Rights (OCR), the Department of Health and Human Services (HHS) recently published two Notices of Proposed Rulemaking (NPRMs), seeking comments on revising the disclosure rule covering protected health information (PHI) and on sharing HIPAA Privacy Rule violation fines with victims of […]

Roger Severino, director of the Office for Civil Rights (OCR) with enforcement powers over the HIPAA Privacy Rule and breaches of protected health information (PHI), announced he is looking to make some changes to both and will issue Notices of Proposed Rulemaking (NPRMs) and Requests for Information (RFIs) before proceeding. Specifically, he told a HIPAA […]

A receiver appointed to liquidate the assets of Filefax, Inc. has agreed to pay $100,000 out of the receivership estate to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Filefax, located in Northbrook, […]

Fresenius Medical Care North America (FMCNA), which operates health care facilities throughout the nation, has settled for $3.5 million for a series of five breaches it reported in 2012. This was the first settlement of the year announced by the Office for Civil Rights (OCR), which enforces HIPAA breach violations. Headquartered in Waltham, Mass., FMCNA is […]

The Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS) in January published a newsletter concerning cyber threats to entities storing PHI (protected health information), which is covered by the privacy and security rules of the Health Insurance Portability and Accountability Act (HIPAA). The newsletter begins by nothing that “Organizations […]

Following President Trump’s call to action that led to the declaration of a nationwide public health emergency regarding the opioid crisis, the HHS Office for Civil Rights (OCR) is releasing new guidance on when and how healthcare providers can share a patient’s health information with his or her family members, friends, and legal personal representatives […]

The Department of Health and Human Services (HHS) and its Office for Civil Rights (OCR) have launched a revised web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and to learn how all breaches of health information are investigated and successfully resolved. The […]

The Office for Civil Rights (OCR), the entity within the Department of Health and Human Services (HHS) that enforces the Privacy, Security and Breach rules of HIPAA, has released new guidance advising covered entities and business associates on best practices for preventing and reporting cyber attacks. “Reporting and Monitoring Cyber Threats” advises companies that maintain […]

HIPAA-covered entities must report small data breaches of protected health information (PHI) affecting fewer than 500 individuals to the Office for Civil Rights (OCR) by March 1.  The law allows for 60 days to elapse at the close of a calendar year before that year’s small breaches must be reported to OCR. When the breach […]