HIPAA and Compliance News

Indiana AG Sues Healthcare Organization Over Data Breach

March 5, 2024 - Indiana Attorney General Todd Rokita filed a lawsuit against Apria Healthcare over a data breach that unfolded between April 2019 and October 2021. Apria is a leading provider of home medical equipment delivery and clinical support and serves more than two million patients across 270 locations. In September 2021, the Federal Bureau of Investigation...


Articles

HHS Delivers Reports to Congress on HIPAA Compliance, Enforcement

by

The HHS Office for Civil Rights (OCR) delivered two reports to Congress on HIPAA compliance and enforcement efforts logged by the department during the 2022 calendar year. HHS is required to...

HHS Settles Ransomware Investigation With Behavioral Health Provider

by

Green Ridge Behavioral Health agreed to pay $40,000 and implement corrective actions to resolve a ransomware investigation conducted by the HHS Office for Civil Rights (OCR). This marks the second-ever...

HHS, NIST Finalize Joint HIPAA Security Rule Guidance

by

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...

HHS Finalizes Changes to Substance Use Confidentiality Regulations

by

HHS, via the Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), announced its finalized changes to the Confidentiality of Substance Use...

US Fertility Reaches $5.75M Data Breach Settlement

by

US Fertility (USF) reached a $5.75 million settlement to resolve allegations of negligence following a 2020 ransomware attack and data breach that impacted nearly 900,000 individuals. USF provides IT...

OCR Reaches $4.75M Settlement With NY Health System

by

UPDATE 2/7/2024 - This article has been updated to include a statement from a Montefiore Medical Center spokesperson. The HHS Office for Civil Rights (OCR) announced a $4.75 million settlement with...

NY AG Fines NewYork-Presbyterian Hospital Over Tracking Tech Use

by

New York Attorney General Letitia James fined the NewYork-Presbyterian Hospital (NYP) $300,000 over its use of tracking tech that resulted in private information being shared with third-party tech...

OCR Settles Multiple HIPAA Right of Access Complaints With Optum Medical Care

by

The HHS Office for Civil Rights (OCR) announced its 46th enforcement action under the HIPAA Right of Access Initiative. The enforcement action resolved an investigation into Optum Medical Care, a...

NY AG Reaches $400K Settlement With Healthplex Over Data Breach

by

New York Attorney General (NYAG) Letitia James reached a settlement with Healthplex, a large dental insurance provider, following a data breach that occurred in November 2021. Healthplex agreed to pay...

HHS Settles First Phishing Attack Investigation With Louisiana Medical Group

by

HHS reached its first-ever phishing attack settlement with Lafourche Medical Group, a Louisiana-based medical group that specializes in emergency medicine, lab testing, and occupational medicine....

HHS Settles HIPAA Investigation With St. Joseph’s Over PHI Disclosure to Media

by

The HHS Office for Civil Rights (OCR) completed a HIPAA investigation into New York-based Saint Joseph’s Medical Center following claims that the organization had impermissibly disclosed COVID-19...

AHA Sues Federal Government Over OCR Tracking Technology Guidance

by

The American Hospital Association (AHA) has sued the federal government over the HHS Office for Civil Rights’ (OCR) stance on tracking technology use in healthcare. Joined by the Texas Hospital...

HHS Reaches Settlement With Healthcare Business Associate Following Ransomware Attack

by

The HHS Office for Civil Rights (OCR) announced a $100,000 settlement to resolve a data breach investigation with Doctors’ Management Services, a Massachusetts-based medical management company...

OCR Releases Educational Video on HIPAA Security Rule

by

The HHS Office for Civil Rights (OCR) released an educational video to help covered entities understand how the HIPAA Security Rule can help them defend against cyberattacks. The video was produced in...

Inmediata Health Resolves Multi-State Data Breach Investigation With $1.4M Settlement

by

Puerto Rico-based healthcare clearinghouse Inmediata Health agreed to a $1.4 million settlement to resolve a multi-state data breach investigation backed by 33 state attorneys general. Inmediata...

AHA: OCR Tracking Technology Rule Violates HIPAA Regulations

by

The American Hospital Association (AHA) has urged Congress and the HHS Office for Civil Rights (OCR) to withdraw the rule related to online tracking technologies, arguing that it violates HIPAA...

ONC, OCR Release Security Risk Assessment Tool Version 3.4

by

The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) announced the release of version 3.4 of the Security Risk Assessment (SRA) Tool,...

Senator Seeks Stakeholder Feedback on Improving Health Data Privacy

by

Healthcare stakeholders have an opportunity to provide feedback to the Senate on improving health data privacy in the US, thanks to a request from US Senator Bill Cassidy (R-LA), a ranking member of...

OCR Reaches $1.3M Settlement With LA Care Over Potential HIPAA Violations

by

LA Care, a Los Angeles-based health plan, agreed to a $1.3 million settlement and corrective action plan (CAP) to resolve potential HIPAA violations uncovered during two HHS Office for Civil Rights...