Articles and Blogs

The United States Department of Health and Human Services Office for Civil Rights (“OCR”) announced a $300,640 settlement and corrective action plan with a dermatology provider over the improper disposal of protected health information (“PHI”). Background In May of 2021, the dermatology provider reported a breach to OCR when empty specimen containers with PHI on... READ MORE

On July 15, 2022, the Office for Civil Rights (“OCR”) at the U.S. Department of Health and Human Services (“HHS”) announced its resolution of eleven separate investigations against covered entities for violations of the individual’s right of access under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). OCR’s continued efforts with respect... READ MORE

The United States Department of Health and Human Services Office for Civil Rights (“OCR”) announced a settlement with a research university (“University”) which has agreed to pay $875,000 to settle potential violations of the HIPAA Privacy, Security and Breach Notification Rules, as well as to take corrective action after an unauthorized third party gained... READ MORE

On June 29, 2022, the Office for Civil Rights (“OCR”) in the U.S. Department of Health & Human Services (“HHS”) released a notice and guidance on the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the protection of patient information relating to reproductive health care (the “Notice”). The Notice also describes example situations involving... READ MORE

The U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights released guidance detailing how health care providers subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) can use remote communication technologies to provide audio-only telehealth services when such communications are conducted in a manner that is consistent with... READ MORE

On March 28, 2022, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced the resolution of two more complaints under its Right of Access Initiative. This brings the total number of cases to 27 since the initiative was first announced in 2019, with financial liability imposed on covered entities... READ MORE

The United States Department of Health and Human Services Office for Civil Rights (“OCR”) announced a settlement with a dental practice (“Practice”) which has agreed to pay $62,500 to settle potential violations of the HIPAA Privacy Rule, as well as to take corrective action after impermissibly disclosing patient PHI to a political campaign manager... READ MORE

The Information Blocking Rule (45 CFR part 171) is only a month into effect, and improved access to medical records, particularly concurrent delivery of lab results to the provider and patient and increased access to provider notes through patient portals, already has led to scrutiny of accurate encounter notes and complicated patient satisfaction issues... READ MORE

On January 19, 2021, OCR announced that it will exercise its discretion in enforcing the HIPAA Privacy, Security and Breach Notification Rules by not imposing penalties for noncompliance with those requirements against covered entities who are health care providers or their business associates in connection with the use of online or web-based scheduling applications... READ MORE

Following a Notice of Enforcement Discretion (“NED”) issued earlier this year (discussed in our previous article here), the Office for Civil Rights (“OCR”) has issued detailed guidance addressing the sharing of protected health information (“PHI”) through health information exchanges (“HIEs”) for public health activities of a public health authority (“PHA”). An HIE enables participants... READ MORE