HIPAA and Compliance News

Cerebral faces $7M FTC penalty over alleged health data security failures

April 17, 2024 - Under a proposed order from the Federal Trade Commission (FTC), online mental healthcare platform Cerebral will be restricted from disclosing consumers’ personal health information to third parties for advertising purposes and from misrepresenting its privacy and data security practices. Cerebral will also be required to provide customers...


Articles

FTC bans Monument from disclosing health data to third-party advertisers

The Federal Trade Commission (FTC) banned Monument, an alcohol addiction treatment service, from disclosing its users’ personal health data to third-party advertisers, following allegations that...

HHS imposes $100K penalty on NJ facility over HIPAA right of access violations

The HHS Office for Civil Rights (OCR) imposed a $100,000 civil monetary penalty against Hackensack Meridian Health, West Caldwell Care Center, also known as Essex Residential Care, over HIPAA right of...

HHS reaches HIPAA right of access settlement with Phoenix Healthcare

The HHS Office for Civil Rights (OCR) announced a HIPAA right of access settlement with Oklahoma-based Phoenix Healthcare, marking the office’s 47th enforcement action under the HIPAA Right of...

OCR updates HIPAA guidance on online tracking technologies

OCR recently released updated HIPAA guidance for covered entities and business associates who use online tracking technologies that exchange protected health information (PHI). The guidance addresses...

Indiana AG Sues Healthcare Organization Over Data Breach

Indiana Attorney General Todd Rokita filed a lawsuit against Apria Healthcare over a data breach that unfolded between April 2019 and October 2021. Apria is a leading provider of home medical equipment...

HHS Delivers Reports to Congress on HIPAA Compliance, Enforcement

The HHS Office for Civil Rights (OCR) delivered two reports to Congress on HIPAA compliance and enforcement efforts logged by the department during the 2022 calendar year. HHS is required to...

HHS Settles Ransomware Investigation With Behavioral Health Provider

Green Ridge Behavioral Health agreed to pay $40,000 and implement corrective actions to resolve a ransomware investigation conducted by the HHS Office for Civil Rights (OCR). This marks the second-ever...

HHS, NIST Finalize Joint HIPAA Security Rule Guidance

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...

HHS Finalizes Changes to Substance Use Confidentiality Regulations

HHS, via the Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), announced its finalized changes to the Confidentiality of Substance Use...

US Fertility Reaches $5.75M Data Breach Settlement

US Fertility (USF) reached a $5.75 million settlement to resolve allegations of negligence following a 2020 ransomware attack and data breach that impacted nearly 900,000 individuals. USF provides IT...

OCR Reaches $4.75M Settlement With NY Health System

UPDATE 2/7/2024 - This article has been updated to include a statement from a Montefiore Medical Center spokesperson. The HHS Office for Civil Rights (OCR) announced a $4.75 million settlement with...

NY AG Fines NewYork-Presbyterian Hospital Over Tracking Tech Use

New York Attorney General Letitia James fined the NewYork-Presbyterian Hospital (NYP) $300,000 over its use of tracking tech that resulted in private information being shared with third-party tech...

OCR Settles Multiple HIPAA Right of Access Complaints With Optum Medical Care

The HHS Office for Civil Rights (OCR) announced its 46th enforcement action under the HIPAA Right of Access Initiative. The enforcement action resolved an investigation into Optum Medical Care, a...

NY AG Reaches $400K Settlement With Healthplex Over Data Breach

New York Attorney General (NYAG) Letitia James reached a settlement with Healthplex, a large dental insurance provider, following a data breach that occurred in November 2021. Healthplex agreed to pay...

HHS Settles First Phishing Attack Investigation With Louisiana Medical Group

HHS reached its first-ever phishing attack settlement with Lafourche Medical Group, a Louisiana-based medical group that specializes in emergency medicine, lab testing, and occupational medicine....

HHS Settles HIPAA Investigation With St. Joseph’s Over PHI Disclosure to Media

The HHS Office for Civil Rights (OCR) completed a HIPAA investigation into New York-based Saint Joseph’s Medical Center following claims that the organization had impermissibly disclosed COVID-19...

AHA Sues Federal Government Over OCR Tracking Technology Guidance

The American Hospital Association (AHA) has sued the federal government over the HHS Office for Civil Rights’ (OCR) stance on tracking technology use in healthcare. Joined by the Texas Hospital...

HHS Reaches Settlement With Healthcare Business Associate Following Ransomware Attack

The HHS Office for Civil Rights (OCR) announced a $100,000 settlement to resolve a data breach investigation with Doctors’ Management Services, a Massachusetts-based medical management company...

OCR Releases Educational Video on HIPAA Security Rule

The HHS Office for Civil Rights (OCR) released an educational video to help covered entities understand how the HIPAA Security Rule can help them defend against cyberattacks. The video was produced in...