HHS Overhaul of HIPAA: Summary of New Obligations for Covered Entities and Business Associates

On January 17, 2013, the Department of Health and Human Services (HHS) posted Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules (the Final Rule) under the authority of the HITECH Act and the Genetic Information Nondiscrimination Act (GINA), as well as under the general authority of HHS. The Final Rule, scheduled (...)

New HIPAA Rule Released Today

The new HIPAA/HITECH rule in an unpublished version was released today and can be found at www.federalregister.gov/articles/2013/01/25/2013-01073/modifications-to-the-hipaa-privacy-security-enforcement-and-breach-notification-rules. Ober’s analysis to come shortly.

First HIPAA Breach Settlement with Less than 500 Patients

Today, HHS announced that it entered into the first breach settlement for less than 500 patients. HHS settled for $50,000 with Hospice of North Idaho for violations of the HIPAA Security Rule including a failure to maintain security policies and procedures and maintain secure mobile devices. In June 2010, an unencrypted Hospice of North Idaho laptop was stolen (...)

Medicaid Pays $1,700,000 to Settle HIPAA Security Violations

In its first enforcement action against a state agency, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) settled last month with Alaska’s Department of Health and Social Services (DHSS) for HIPAA security violations it reported as required by HITECH. DHSS entered into a settlement agreement and agreed to pay $1,700,000 (...)

OCR Settles HIPAA Violations with Small Physician Practice

On the heels of its $1.5 million settlement with a large payor, Blue Cross Blue Shield of Tennessee, the Department of Health and Human Services Office for Civil Rights (OCR) announced on April 17, 2012, that it settled with a small physician practice for HIPAA safeguard violations. Phoenix Cardiac Surgery, P.C., a practice owned by (...)

First HITECH Breach Enforcement Announced: BCBS Settles with OCR for $1.5 Million

Increased enforcement is a key message from the Department of Health and Human Services Office for Civil Rights (OCR). Since the start of 2012, OCR has publicized settlements with three entities: two of which concerned civil rights violations under section 504 of the Rehabilitation Act and the most recent of which concerned violations of the (...)

HIPAA Audits Are Coming: KPMG Contracted To Perform 150 Audits Through 2012

You can’t run and you can’t hide — HIPAA audits are coming. HHS, through the Office for Civil Rights (OCR), recently named KPMG as the recipient of a $9.2 million contract to develop a HIPAA auditing protocol and conduct audits on 150 covered entities and business associates before December 31, 2012. An additional $180,000 contract (...)

Breach Reporting Plans: Practical Preparation for the (Almost) Inevitable Breach

If there is one aspect of the HITECH Act amendments to the HIPAA privacy rule that has had a major impact on the health care provider community and its business associates, it is the so-called “Breach Notification Rule.” The rule requires that covered entities (and their business associates) report breaches of unsecured protected health (...)