Office for Civil Rights

HHS Delivers Reports to Congress on HIPAA Compliance, Enforcement

February 26, 2024 - The HHS Office for Civil Rights (OCR) delivered two reports to Congress on HIPAA compliance and enforcement efforts logged by the department during the 2022 calendar year. HHS is required to submit these reports to Congress each year under the Health Information Technology for Economic and Clinical Health (HITECH) Act of...


More Articles

HHS Settles Ransomware Investigation With Behavioral Health Provider

by Jill McKeon

Green Ridge Behavioral Health agreed to pay $40,000 and implement corrective actions to resolve a ransomware investigation conducted by the HHS Office for Civil Rights (OCR). This marks the second-ever...

HHS, NIST Finalize Joint HIPAA Security Rule Guidance

by Jill McKeon

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...

OCR Reaches $4.75M Settlement With NY Health System

by Jill McKeon

UPDATE 2/7/2024 - This article has been updated to include a statement from a Montefiore Medical Center spokesperson. The HHS Office for Civil Rights (OCR) announced a $4.75 million settlement with...

This Year’s Largest Healthcare Data Breaches

by Jill McKeon

Healthcare cybersecurity has garnered unprecedented attention from lawmakers and industry coalitions this year, signifying a step forward for the sector. However, reported data breach figures tell a different story, as cyberattacks...

OCR Settles Multiple HIPAA Right of Access Complaints With Optum Medical Care

by Jill McKeon

The HHS Office for Civil Rights (OCR) announced its 46th enforcement action under the HIPAA Right of Access Initiative. The enforcement action resolved an investigation into Optum Medical Care, a...

HHS Settles First Phishing Attack Investigation With Louisiana Medical Group

by Jill McKeon

HHS reached its first-ever phishing attack settlement with Lafourche Medical Group, a Louisiana-based medical group that specializes in emergency medicine, lab testing, and occupational medicine....

HHS Settles HIPAA Investigation With St. Joseph’s Over PHI Disclosure to Media

by Jill McKeon

The HHS Office for Civil Rights (OCR) completed a HIPAA investigation into New York-based Saint Joseph’s Medical Center following claims that the organization had impermissibly disclosed COVID-19...

AHA Sues Federal Government Over OCR Tracking Technology Guidance

by Jill McKeon

The American Hospital Association (AHA) has sued the federal government over the HHS Office for Civil Rights’ (OCR) stance on tracking technology use in healthcare. Joined by the Texas Hospital...

HHS Reaches Settlement With Healthcare Business Associate Following Ransomware Attack

by Jill McKeon

The HHS Office for Civil Rights (OCR) announced a $100,000 settlement to resolve a data breach investigation with Doctors’ Management Services, a Massachusetts-based medical management company...

OCR Releases Educational Video on HIPAA Security Rule

by Jill McKeon

The HHS Office for Civil Rights (OCR) released an educational video to help covered entities understand how the HIPAA Security Rule can help them defend against cyberattacks. The video was produced in...

OCR Publishes Resources On Telehealth Privacy, Security Risks

by Jill McKeon

The HHS Office for Civil Rights (OCR) unveiled two resource documents to help providers communicate telehealth privacy and security risks to patients. The documents, entitled “Educating Patients...

ONC, OCR Release Security Risk Assessment Tool Version 3.4

by Jill McKeon

The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) announced the release of version 3.4 of the Security Risk Assessment (SRA) Tool,...

How HHS Plans to Prioritize Healthcare Cybersecurity

by Jill McKeon

HHS and its many agencies and offices serve a variety of roles within the healthcare sector, including several in cybersecurity. At the most recent HIMSS Healthcare Cybersecurity Forum, leaders from the Administration for Strategic...

OCR Reaches $1.3M Settlement With LA Care Over Potential HIPAA Violations

by Jill McKeon

LA Care, a Los Angeles-based health plan, agreed to a $1.3 million settlement and corrective action plan (CAP) to resolve potential HIPAA violations uncovered during two HHS Office for Civil Rights...

HHS, FTC Publish Warning Letters Sent to Healthcare Entities Over Third-Party Tracking Tech

by Jill McKeon

In a document that spans hundreds of pages, HHS and the Federal Trade Commission (FTC) published letters sent to 130 healthcare organizations regarding the security and privacy risks of third-party...

UnitedHealthcare Resolves HIPAA Right of Access Case With $80K Settlement

by Jill McKeon

The HHS Office for Civil Rights (OCR) reached a settlement with UnitedHealthcare Insurance Company (UHIC) to resolve potential HIPAA right of access violations. UHIC, a health insurer that provides...

HHS, FTC Warn Hospitals and Telehealth Providers About Third-Party Tracking Tech

by Jill McKeon

The HHS Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) sent a joint letter to 130 hospitals and telehealth providers to emphasize the security and privacy risks of third-party...

OCR Reinforces Importance of Multi-Factor Authentication in Healthcare

by Jill McKeon

Strong authentication practices can help healthcare organizations mitigate breach risk and maintain compliance, the HHS Office for Civil Rights (OCR) reminded covered entities in its June 2023...

HHS Settles HIPAA Investigation With Healthcare Business Associate

by Jill McKeon

The HHS Office for Civil Rights (OCR) settled a HIPAA investigation involving iHealth Solutions (also known as Advantum Health), a healthcare business associate that provides coding, billing, and IT...