Electronic Health Records

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on May 8 that David Mente, a Pittsburgh psychotherapist, has paid $15,000 to settle a violation of the HIPAA Privacy Rule. OCR has been pursuing its so-called Right of Access Initiative since 2019, as previously discussed here.

Incredibly, some healthcare

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.

The incident occurred in 2016 when a hacker gained access to

On December 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Bulletin entitled ”Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates“ that addresses the responsibilities of HIPAA covered entities and business associates (“regulated entities”) when using online tracking technologies. Regulated entities need

Dental Care Alliance, LLC (DCA) agreed to settle a class action lawsuit that arose out of a 2020 cyberattack. A hearing to approve the $3 million settlement was held on September 1.

DCA, based in Sarasota, Fla., is a dental services organization that provides practice support to over 390 affiliated dental practices across the U.S.

In the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Ashley Algazi will discuss requirements and tips for success in conducting HIPAA breach assessments and making required disclosures. The program will:

• Review HIPAA breach definition
• Discuss the analysis and investigation process to determine whether a breach has occurred
• Review

Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A hacker installed malware on the Center’s web server which contained electronic protected health information. More than 275,000 individuals were affected by the breach, which resulted

Rivkin Radler’s Shari Claire Lewis wrote an article, “FTC Appears Ready to Begin Enforcing Its Health Breach Notification Rule,” that was published in the New York Law Journal on April 18. The article discusses the Federal Trade Commission’s rule that requires manufacturers of connected medical devices, fitness trackers and other wearables, and health

On March 22, the U.S. Department of Health and Human Services (HHS) issued guidance clarifying the obligations of covered entities to require their business associates to comply with HIPAA Administrative Simplification requirements related to standards for electronic health care transactions, code sets, unique identifiers, and operating rules.

While these requirements apply only to covered entities,

The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) recently issued a report entitled “Electronic Medical Records in Healthcare” that discussed security risks applicable to electronic medical records (EMRs) and electronic health records (EHRs). EHRs and EMRs are prime targets for cyber attackers because protected health information (PHI)