OCR Settles with New York Covered Entity that Impermissibly Disclosed Patient’s HIV Protected Health Information to Employer

May 26, 2017. On May 23, 2017, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a news release pertaining to a resolution agreement and corrective action plan with St. Luke’s-Roosevelt Hospital Center, Inc. for a settlement payment of $387,200 relating to a hospital component’s HIPAA Privacy Rule violation involving the impermissible disclosure of HIV-related protected health information. 

OCR Settles HIPAA Security Risk Violations with St. Joseph Health Integrated Health Care Delivery System for $2.14 Million

October 19, 2016. On October 18, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced in a news release entitled “$2.14 million HIPAA settlement underscores importance of managing security risk” that St. Joseph Health (SJH), a nonprofit integrated Catholic health care delivery system throughout California and in parts of Texas and New Mexico, settled HIPAA Security Rule violations for $2,140,500 and agreed to a corrective action plan.

ONC’s Guidance on Mobile Device Safeguards for ePHI Requires a Careful Look and Implementation

October 17, 2016. In the previous post on the Office for Civil Rights’ (OCR) recently released Guidance on HIPAA & Cloud Computing, Question #7 was: “Do the HIPAA Rules allow health care providers to use mobile devices to access ePHI in a cloud?”

OCR Settles Diverse HIPAA Violations with Advocate Health Care Network for $5.55 Million

August 5, 2016. On August 4, 2016, the Office for Civil Rights (OCR), the HIPAA privacy, security, and HITECH Act breach enforcement arm of the U.S. Department of Health and Human Services (HHS), settled multiple HIPAA privacy and security violations with Advocate Health Care Network (“Advocate Health”) for $5.55 million—the largest OCR settlement with a single entity to date. Advocate Health is a nonprofit organization in Illinois comprising “250 treatment locations, including twelve acute-care hospitals and one of the region’s largest medical groups,” as reported by HHS.

OCR Announces Another Huge HIPAA Violation Settlement and Corrective Action Plan July 18 Week: This One for $2.75 Million

July 22, 2016. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced on July 21, 2016, a $2.75 million settlement with the University of Mississippi Medical Center (UMMC) for failure to implement risk management measures, of which it had been aware for a long time, until after a breach of unsecured electronic protected health information occurred, affecting approximately 10,000 individuals.

Oregon Health and Science University Settles Widespread HIPAA Violations for $2.7 Million and 3-Year Probationary Compliance Term

The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced on July 18, 2016, a $2.7 million settlement with Oregon Health and Science University (OHSU), a large academic health center and research university in Portland, OR, for multiple HIPAA violations, including multiple breaches of unsecured protected health information on portable devices and the storage of electronic protected health information (ePHI) on a cloud-based server in the absence of a business associate agreement. OCR and OHSU agreed to a 3-year resolution agreement and corrective action plan.

OCR Issues New Fact Sheet Identifying How the HIPAA Security Rule Can Address Ransomware

On July 11, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published a document entitled “Fact Sheet: Ransomware and HIPAA.” The purpose of the document was to inform covered entities and business associates how they could enhance security measures to diminish the likelihood of having their electronic protected health information held hostage in a ransomware attack.

OCR Issues New Audit Protocols Tailored to Desk Audits, Not Necessarily to Design and Implementation of Policies and Procedures

April 15, 2016. On April 1, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on its Website the long-awaited Audit Protocol-Current, which describes its intent as:

OCR’s Audit Pre-Screening Questionnaire: How Health Plans Must Respond

April 15, 2016. On April 1, 2016, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on its Website its Audit Pre-Screening Questionnaire. We covered in an earlier post OCR’s initial outreach to covered entities to acquire and verify contact information. Then, OCR explains: “Once entity contact information is obtained, a questionnaire designed to gather data about the size, type, and operations of potential auditees will be sent to covered entities and business associates. [These] data will be used with other information to develop pools of potential auditees for the purpose of making audit subject selections.”

Recent Article on HIPAA Safeguard Compliance Audits Highlights Need for Tighter Business Associate Agreements

April 7, 2016. HIPAA Integrity recommends that you read the March 28, 2016, Modern Healthcare article by Joseph Conn entitled: “HHS amps up vendor HIPAA audits,” which focuses on the role of business associates handling covered entity protected health information (PHI). The article notes that since the Office for Civil Rights (OCR) started posting breaches of medical records in September 2009, there have been 1,472 breaches posted, affecting just under 33 million individuals.
