By Matt Fisher – Whenever an entity subject to HIPAA experiences a data breach, notification must be given to the Office for Civil Rights. Once OCR receives notification of a breach, an investigation will typically follow. That combination is a sure way for broader issues to be uncovered. That is the scenario that played out in the most recent settlement announced by OCR.
Read More
By Matt Fisher – Apparently the Office for Civil Rights does still have older resolved HIPAA concerns in its hopper to release. The latest release about a civil monetary penalty continues the ongoing enforcement focus on the right of access.
By Matt Fisher – The Office for Civil Rights announced another cyber incident driven HIPAA civil monetary penalty on February 20, 2025. The settlement broke a one month lull in HIPAA enforcement announcements, though looking at the dates in the documents (all go back to the last quarter or so of 2024), it may not necessarily be an indication that enforcement of HIPAA remains an ongoing immediate priority.
By Matt Fisher – Prior to the changeover of the administration, the HHS Office for Civil Rights went on a bit of a HIPAA settlement bender. The fast pace of announced settlements felt a bit like a clearing of the decks. The various settlements continued recent trends around the issues being selected by OCR for settlement along with the still random amount of settlements.
The proposed rule would modify the HIPAA Security Rule to require health plans, health care clearinghouses, and most health care providers, and their business associates, to strengthen cybersecurity protections for individuals’ protected health information.
By Matt Fisher – 2024 cannot end without a further wrinkle on the HIPAA front. Earlier in the year, the Office for Civil Rights in the Department of Health and Human Services modified the HIPAA Privacy Rule by adding language specific to reproductive health care and reproductive health care services.
By Jay Trinckes – In recent years, healthcare organizations have struggled to address the rising number of data breaches and cyberattacks plaguing the industry. The Change Healthcare breach in particular caused the exposure of the protected health information of as many as one in three Americans earlier this year.
By Matt Fisher – The HHS Office for Civil Rights is finishing 2024 with a flurry of HIPAA settlements and there is still more time to go. Each settlement offers a different insight into necessary compliance and oversight activities.
By Matt Fisher – The HHS Office for Civil Rights continues to pursue enforcement actions when alleged non-compliance occurs following a right of access request. Not every settlement provides the same degree of insight or ability to follow OCR’s line of thinking though. That is the case stemming from the latest civil monetary penalty announced by OCR.