Articles and Blogs

On April 21, 2016, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $2.2 million settlement with a New York hospital (“Hospital”) stemming from unauthorized patient filming by ABC’s NY Med television show. In what OCR called an egregious disclosure of protected health information (“PHI”) in violation of... READ MORE

On April 19, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement in the amount of $755,000 with a North Carolina orthopedic clinic (“Clinic”) for failing to execute a business associate agreement with a third-party vendor. This is OCR’s second settlement this year related to business... READ MORE

On January 7, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) released new guidance clarifying an individual’s right to access his or her medical record under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On February 25, 2016, OCR released additional guidance explaining the permissible reasonable cost-based... READ MORE

Starting at the beginning of 2016, the Equal Employment Opportunity Commission (“EEOC”) has changed its procedures when it comes to employer position statements submitted in response to charges of discrimination. Now, the EEOC will release complete employer position statements and attachments to any charging party and their attorney who request release. In the past, the... READ MORE

For years, companies in the United States have relied on a Safe Harbor to the EU Directives (the stringent privacy requirements imposed by the European Union) to qualify for the ability to transfer protected data between EU countries and the United States. Today, however, the European Court of Justice ruled that the agreement between... READ MORE

Two separate alleged HIPAA violations resulted in an enforcement action by the Department of Health and Human Services (“HHS”) against a Massachusetts hospital (“Hospital”).  On July 10, 2015, the HHS Office for Civil Rights (“OCR”) announced a $218,400 settlement with the Hospital to resolve HIPAA investigations into two issues: READ MORE

On April 27, 2015, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that it entered into a settlement with a Colorado pharmacy (“Pharmacy”) arising from alleged violations of the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule.  Under the settlement, the Pharmacy agreed to pay $125,000 in... READ MORE

Health care data breaches are not new. The breach announced by health insurer Anthem on February 5, 2015 is notable mostly for its scope. According to Anthem’s statement, hackers utilized a very sophisticated cyber attack to gain access to the information of potentially 80 million current and former Anthem members. The information accessed included... READ MORE

On December 8, 2014, the Department of Health and Human Services (“HHS”) announced that it had reached a settlement with a nonprofit, community mental health care provider (“Provider”) arising out of alleged violations of the Security Rule under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The settlement comes after an HHS... READ MORE

The Indiana Court of Appeals recently issued an opinion in the case of Walgreen Co. vs Hinchy that could permanently alter the landscape for employer liability for HIPAA violations committed by employees.  Health care providers should be aware of this case and take actions to limit their exposure to this type of liability. Background... READ MORE