The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently issued its Final Rule to modify HIPAA “to support reproductive health care privacy.” The Final Rule is in response to Executive Order 14076, where President Biden directed HHS to take actions to protect reproductive health information following Dobbs v.
OCR Updates Online Tracking Technologies HIPAA Guidance
On March 18, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) updated its guidance on the “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” (Guidance). OCR’s Guidance was first published on December 1, 2022, and is the subject of a lawsuit brought by…
HHS Settles with Doctors’ Management Services Over Ransomware Attack
On October 31, 2023, the Office for Civil Rights (OCR) issued a press release announcing that it has settled with Doctors’ Management Services for $100,000 following a ransomware attack that compromised the protected health information of 206,695 individuals.
According to the press release, “this marks the first ransomware agreement OCR has reached.” The facts underlying…
HHS Seeks to Strengthen Protections of Reproductive Health Information with Proposed Changes to HIPAA
On April 12, 2023, the U.S. Department of Health & Human Services (HHS) released a Notice of Proposed Rulemaking (Proposed Rule) that seeks to enhance safeguards of reproductive health care information through changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The proposal is intended to align with President Biden’s Executive Order…
OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023
On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11, 2023.Continue Reading OCR Reminder: Pandemic-Era HIPAA Flexibilities Will End May 11, 2023
Annual Breach Notification Deadline to OCR Looming
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affects less than 500 individuals in a calendar year within 60 days following the end of the calendar year.
Therefore, all breaches that affected less than 500 individuals that occurred in 2022 and have…
Privacy Tip – Health Care Sector Continues to Be Hit with Ransomware
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care sector shared that 66 percent of them had experienced a ransomware attack in 2021, which was an increase of 69 percent over 2020. This was the largest increase of all sectors surveyed.Continue Reading Privacy Tip – Health Care Sector Continues to Be Hit with Ransomware
HHS Issues HIPAA Guidance to Support Audio-Only Telehealth Services
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently issued new guidance (Guidance) on the use of remote communication technologies to deliver audio-only telehealth in accordance with HIPAA. Per OCR, the Guidance is intended to ensure continued access for patients to audio-only telehealth in a secure and compliant manner, particularly once OCR’s notification of enforcement discretion (previously discussed here) tied to the COVID-19 pandemic is rescinded (i.e., once the HHS-declared COVID-19 public health emergency is ended).Continue Reading HHS Issues HIPAA Guidance to Support Audio-Only Telehealth Services
OCR Announces 20th Settlement Under Right of Access Initiative
The Office for Civil Rights (OCR) recently announced that it has entered into the 20th settlement under its Right of Access Initiative. The settlement with Children’s Hospital and Medical Center in Nebraska includes an $80,000 payment by the hospital for failing to provide a mother with timely access to her daughter’s medical records.
According…
Diabetes, Endocrinology & Lipidology Center Becomes 19th Settlement with OCR for HIPAA Right-of-Access Violation
Last week, Diabetes, Endocrinology & Lipidology Center Inc. (DELC) of West Virginia reached a $5,000 settlement with the Office for Civil Rights (OCR) over allegations that it failed to provide timely access to a patient’s health records. The OCR alleged that DELC waited more than two years to send a minor’s medical records to their…