Electronic Health Records

The Office of the New York State Attorney General announced on August 13 that Letitia James, along with the Attorneys General of Connecticut and New Jersey, fined Enzo Biochem, Inc. $4.5 million for failing to adequately safeguard its patients’ health data.

Enzo conducts drug research and development, and provides diagnostic services. In 2023, hackers accessed

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that it ordered American Medical Response (AMR) to pay a civil monetary penalty of $115,200 for failing to comply with the patient right of access rule under HIPAA.

HIPAA requires that all covered entities provide timely access to a patient’s

On July 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Heritage Valley Health System, a provider in Pennsylvania, Ohio and West Virginia, agreed to pay $950,000 to resolve potential violations of the HIPAA Security Rule. Heritage Valley’s alleged violations included failure to conduct a risk analysis to

On June 24, the U.S. Department of Health and Human Services (HHS) Office of Inspector General (OIG) announced a final rule that establishes disincentives for certain health care providers that have committed information blocking, or any activity that is likely to hamper access, exchange, or use of electronic protected health information (PHI). This rule

On Thursday, June 13, in the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Rivkin Radler partner Ashley Algazi will present “Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success.” The program will take place from 12:00 noon to 1:00 PM Eastern time via Zoom.

Some of the topics covered

On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The settlement stems from an internal investigation that found that an employee of the New York hospital system sold patient information to an

The Federal Trade Commission (FTC) recently issued guidance entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.” The guidance points out that while businesses that collect, use, or share consumer health information are (or should be) accustomed to complying with HIPAA and its Privacy

A recent data breach involving the computer systems of Great Expressions Dental Centers (GEDC) compromised the records of more than 500 Michigan patients. GEDC operates almost 350 dental practices in 10 states, including New York, New Jersey and Connecticut, making it one of the largest dental services organizations (DSOs) in the country.

GEDC’s website explains:

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on May 8 that David Mente, a Pittsburgh psychotherapist, has paid $15,000 to settle a violation of the HIPAA Privacy Rule. OCR has been pursuing its so-called Right of Access Initiative since 2019, as previously discussed here.

Incredibly, some healthcare

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.

The incident occurred in 2016 when a hacker gained access to