HIPAA

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on December 3 that it imposed a $1.19 million penalty on Gulf Coast Pain Consultants, a pain management practice in Florida, following a security breach that affected over 34,000 individuals.

Gulf Coast filed a breach notification report with OCR, as required

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) imposed a $240,000 civil monetary penalty against Providence Medical Institute in connection with a ransomware attack that revealed vulnerabilities in the Institute’s systems and potential HIPAA violations.

The Institute was the victim of a series of ransomware attacks in 2018 that compromised

An article in the September issue of Healthcare Risk Management’s HIPAA Regulatory Alert, “Hospital Terminates Employees for Allowing Another to Do Their Jobs,” discussed a recent incident at Mass General Brigham in Somerville, MA. Upon investigation, the hospital discovered that two employees inappropriately allowed a third person, who was not a hospital

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that it ordered American Medical Response (AMR) to pay a civil monetary penalty of $115,200 for failing to comply with the patient right of access rule under HIPAA.

HIPAA requires that all covered entities provide timely access to a patient’s

On July 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Heritage Valley Health System, a provider in Pennsylvania, Ohio and West Virginia, agreed to pay $950,000 to resolve potential violations of the HIPAA Security Rule. Heritage Valley’s alleged violations included failure to conduct a risk analysis to

On Thursday, June 13, in the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Rivkin Radler partner Ashley Algazi will present ”Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success.”  The program will take place from 12:00 noon to 1:00 PM Eastern time via Zoom.

Some of the topics covered

Rivkin Radler’s Frank Izzo and Jeff Ehrhardt authored an article in the Spring 2024 issue of USLAW magazine, “New York Joins List of States Prohibiting Geofencing Near Healthcare Facilities.” The article discussed geofencing laws, enacted partly in response to the Supreme Court Dobbs decision, in depth by state.

Sign up to receive Rivkin Rounds at 

On February 6, the U.S. Department of Health and Human Services (HHS) announced a $4.75 million settlement with Montefiore Medical Center (MMC) for a breach of unsecured electronic protected health information (ePHI). The settlement stems from an internal investigation that found that an employee of the New York hospital system sold patient information to an

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently released two resource documents to help healthcare providers explain the privacy and security risks of telehealth to their patients.

The first document, entitled “Educating Patients about Privacy and Security Risks to Protected Health Information when Using Remote Communication Technologies

The Federal Trade Commission (FTC) recently issued guidance entitled “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach Notification Rule.” The guidance points out that while businesses that collect, use, or share consumer health information are (or should be) accustomed to complying with HIPAA and its Privacy