By Matt Fisher – The drumbeat of settlement agreements for alleged HIPAA violations by the Office for Civil Rights is continuing along with the consistent finding that the required risk analysis did not occur. The consistent announcement of settlements offers regular reminders to the healthcare industry that OCR is watching and expecting compliance to improve.
Read More
By Matt Fisher – The Office for Civil Rights announced another cyber incident driven HIPAA civil monetary penalty on February 20, 2025. The settlement broke a one month lull in HIPAA enforcement announcements, though looking at the dates in the documents (all go back to the last quarter or so of 2024), it may not necessarily be an indication that enforcement of HIPAA remains an ongoing immediate priority.
By Usman Choudhary – Healthcare data security is among the most pressing challenges in today’s interconnected world, primarily because digital transformation exposes sensitive patient information to the risk of breaches and cyberattacks.
By Matt Fisher – 2024 cannot end without a further wrinkle on the HIPAA front. Earlier in the year, the Office for Civil Rights in the Department of Health and Human Services modified the HIPAA Privacy Rule by adding language specific to reproductive health care and reproductive health care services.
By Matt Fisher – The HHS Office for Civil Rights continues to pursue enforcement actions when alleged non-compliance occurs following a right of access request. Not every settlement provides the same degree of insight or ability to follow OCR’s line of thinking though. That is the case stemming from the latest civil monetary penalty announced by OCR.
By Art Gross – With the evolving landscape of cybersecurity threats and the increasing importance of protecting patient data, it’s crucial to ensure your organization is fully compliant with HIPAA.
By Matthew Fisher – The OCR announced yet another settlement action involving the HIPAA Right of Access. It is a reminder that right of access remains a focal point for OCR even though cyberattacks formed the basis for settlements announced earlier in 2024.
By Harikrishna Kundariya – The process of HIPAA-compliant software development is complicated and requires the implementation of efficient design, solid security policies, and a consistent focus on data protection.
By Christy Jones – Hospitals, health systems, and medical practices are increasingly aware that Google Analytics does not satisfy HIPAA requirements. The reason? The US Department of Health and Human Services released guidance bringing IP addresses under the umbrella of protected health information.