Healthcare Information Security

Office for Civil Rights

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

February 17, 2017 - UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17.  Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported in 2012. OCR stated that a lack of audit controls was a major factor in the determined settlement. A PHI data breach was first reported to OCR on...


More Articles

Audit Controls Underlined in $5.5M OCR HIPAA Settlement

by Elizabeth Snell

UPDATE: Memorial Healthcare System sent comments to HealthITSecurity.com on February 17.  Florida-based Memorial Healthcare Systems (MHS) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from incidents that were reported...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

OCR Clarifies PHI Disclosure Guidance in HIPAA Privacy Rule

by Elizabeth Snell

Partially due to legal confusion following the 2016 Orlando nightclub shooting, the Office for Civil Rights (OCR) has released an FAQ clarifying certain aspects of PHI disclosure policies with patients’ loved ones under the HIPAA Privacy...

Breach Notification Center of Presence Health HIPAA Settlement

by Elizabeth Snell

Healthcare network Presence Health recently agreed to a $475,000 OCR HIPAA settlement following a reported data breach and a subsequent delayed breach notification process. Presence submitted a breach notification report to OCR on January 31,...

Utilizing Risk Analyses for Comprehensive HIPAA Compliance

by Elizabeth Snell

As technology continues to evolve and become more intricate, covered entities and their business associates have to ensure they account for potential risk in all aspects of their organization. A key part to complete HIPAA compliance is an updated...

2016 OCR HIPAA Settlements Target Risk Analyses, Total $23.5M

by Elizabeth Snell

With 2016 winding down, covered entities and their business associates cannot ease up when it comes to protecting PHI. As the OCR HIPAA settlements from the year have shown, there has been a strong focus on healthcare organizations conducting...

OCR Warns of Phishing Scam to HIPAA Covered Entities

by Elizabeth Snell

UPDATE: OCR released an additional update on November 30 with new details regarding the phishing scam.  Employees of HIPAA covered entities and their business associates should be aware of an alleged phishing scam that is using Department...

UMass Agrees to $650K OCR HIPAA Settlement after Allegations

by Elizabeth Snell

Following alleged HIPAA violations stemming from a malware infection that potentially exposed the ePHI of 1,670 individuals, the University of Massachusetts Amherst (UMass) agreed to an OCR HIPAA settlement. Along with adhering to a corrective...

OCR HIPAA Settlements Total $13.5M, Affect Entities and BAs

by Elizabeth Snell

The Office for Civil Rights (OCR) has shown with several of its recent HIPAA settlements that both covered entities and business associates are liable for potential HIPAA violations. OCR has said that as healthcare technology continues to evolve...

OCR Newsletter Underlines Healthcare Authentication Importance

by Elizabeth Snell

One of the causes of healthcare data breaches over the past few years has been to weakened healthcare authentication measures, according to the Office for Civil Rights (OCR). As healthcare continues to be a top target for cyber attacks, organizations...

Top 4 Healthcare Data Breaches Stem from Hacking Incident

by Elizabeth Snell

While 2016 is not yet complete, there have already been approximately 250 reported cases of potential healthcare data breaches affecting more than 500 individuals submitted to the Office for Civil Rights (OCR). The majority of these incidents...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement

by Elizabeth Snell

A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement

by Elizabeth Snell

While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

Latest OCR HIPAA Settlement Highlights BAA Importance

by Elizabeth Snell

Care New England Health System (CNE) agreed to an OCR HIPAA settlement after it was found to have not had a current business associate agreement in place to keep PHI secure. Woman & Infants Hospital of Rhode Island (WIH) was a CNE covered...

Utilizing Business Associate Agreements in Breach Prevention

by Elizabeth Snell

While no healthcare organization can guarantee that they will never fall victim to a data breach or cybersecurity attack, having the right tools in place can help to lessen the likelihood or even assist in recovering from a breach. Having necessary...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

OCR Aims to Improve Smaller Data Breach Investigation Process

by Elizabeth Snell

Starting in August 2016, the Office for Civil Rights (OCR) will start an initiative to better investigate smaller data breaches. The data breach investigation process will look further into the root causes of incidents affecting fewer than 500...

Advocate Health Care Agrees to $5.55M OCR HIPAA Settlement

by Elizabeth Snell

UPDATE: Since publication of this report, Advocate has issued an official statement on the settlement.  Illinois-based healthcare system Advocate Health Care (Advocate) recently agreed to a $5.5 million OCR HIPAA settlement, stemming from...

OCR Clarifies HIPAA Desk Audits, Unique Device Identifiers

by Elizabeth Snell

With the Office for Civil Rights (OCR) announcing the HIPAA desk audits earlier this month, the Department of Health and Human Services (HHS) wanted to ensure that covered entities fully understand the process and how it will potentially affect...

UMMC Agrees to $2.75M HIPAA Settlement after Multiple Violations

by Elizabeth Snell

Following numerous reports of alleged HIPAA violations that led to a healthcare data breach, the University of Mississippi Medical Center (UMMC) recently agreed to a $2.75 million HIPAA settlement. The Office for Civil Rights (OCR) explained...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks