HIPAA

OpenAI has launched ChatGPT Health, a new health‑focused capability within its generative AI chatbot that allows users to connect their medical records and wellness app data to generate more personalized health‑related responses. This feature represents a shift from using AI for general health information toward deeper, context‑aware insights grounded in individuals’ own data.

What

It was brought to the attention of the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) that healthcare providers may be violating HIPAA in certain instances where they deny parental access to a child’s medical records, or require the child to authorize the disclosure of their medical records to the parent

Ransomware cyber attacks have been a prominent threat to the healthcare industry. In this case, First Choice Dental, a large dental practice with multiple locations across Wisconsin, was targeted by hackers in October 2023. The hackers gained access to sensitive information including patient names, dates of birth, Social Security numbers, passport numbers, driver’s license numbers

A company that runs five nursing homes in Delaware recently agreed to pay a $182,000 fine to settle an investigation for alleged HIPAA violations. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) investigated the company, referred to collectively as the Cadia Healthcare Facilities, after it received a complaint that the

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has announced another settlement for alleged violations of HIPAA. OCR investigated BayCare Health System, which serves central Florida, after a patient complained to OCR in 2018 that her medical record was accessed by an unauthorized individual.

The patient told OCR that she

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following a security breach that affected over 34,000 individuals.

Gulf Coast filed a breach notification report with OCR, as required

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) imposed a $240,000 civil monetary penalty against Providence Medical Institute in connection with a ransomware attack that revealed vulnerabilities in the Institute’s systems and potential HIPAA violations.

The Institute was the victim of a series of ransomware attacks in 2018 that compromised

An article in the September issue of Healthcare Risk Management’s HIPAA Regulatory Alert, “Hospital Terminates Employees for Allowing Another to Do Their Jobs,” discussed a recent incident at Mass General Brigham in Somerville, MA. Upon investigation, the hospital discovered that two employees inappropriately allowed a third person, who was not a hospital

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that it ordered American Medical Response (AMR) to pay a civil monetary penalty of $115,200 for failing to comply with the patient right of access rule under HIPAA.

HIPAA requires that all covered entities provide timely access to a patient’s

On July 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Heritage Valley Health System, a provider in Pennsylvania, Ohio and West Virginia, agreed to pay $950,000 to resolve potential violations of the HIPAA Security Rule. Heritage Valley’s alleged violations included failure to conduct a risk analysis to