The Office for Civil Rights of the Department of Health and Human Services (OCR) announced on September 26, 2024, that it had entered a settlement with Cascade Eye and Skin Centers (together, Cascade) for $250,000 following an investigation of a ransomware attack against them.

This is the fourth settlement against a victim of a ransomware

On November 28, 2022, the Department of Health and Human Services (HHS) issued a proposed rule to modify the confidentiality protections of Substance Use Disorder (SUD) patient treatment records under 42 CFR Part 2 (Part 2) to implement statutory amendments passed under Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (42 U.S.C. 290dd-2). Comments are being accepted for 60 days from the date of publication.Continue Reading HHS Proposes Rule to Align Part 2 Records and HIPAA

We follow up on our previous blog post concerning the U.S. Supreme Court’s unanimous ruling in favor of 340B hospitals. The Supreme Court previously held that “absent a survey of hospitals’ acquisition costs, HHS may not vary the reimbursement rates for 340B hospitals” and therefore, that HHS exceeded its statutory authority by varying the 2018 and 2019 rates for 340B hospitals without first conducting such survey.Continue Reading 340B Update: District Court Rejects 2022 Payment Methodology for 340B Hospitals Following Supreme Court Win

The Centers for Medicare and Medicaid Services (CMS) issued a Request for Information (RFI) seeking input from the public on the burden the Stark Law may impose on patient care and recommendations on how to address any undue impact, specifically on care coordination.

The Stark Law, also known as the physician self-referral law, prohibits a

We often forget that state AG’s have jurisdiction under the HIPAA Omnibus Rule to levy fines and penalties against HIPAA covered entities for violations. This is because the Office for Civil Rights has traditionally taken the primary role in enforcing HIPAA. But Horizon Blue Cross Blue Shield of New Jersey (Horizon) was reminded of the AG’s ability to enforce HIPAA when it recently agreed to pay a $1.1 million fine to the New Jersey Division of Consumer Affairs for an incident that occurred in November of 2013  involving the theft of two unencrypted laptops from its offices.
Continue Reading Horizon BCBS of New Jersey Pays State $1.1 million for HIPAA violations