HIPAA

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on May 8 that David Mente, a Pittsburgh psychotherapist, has paid $15,000 to settle a violation of the HIPAA Privacy Rule. OCR has been pursuing its so-called Right of Access Initiative since 2019, as previously discussed here.

Incredibly, some healthcare

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on April 11 that the Notifications of Enforcement Discretion issued under HIPAA and the HITECH Act during the federal COVID-19 public health emergency (PHE) will expire when the PHE ends on May 11.

The four Notifications of Enforcement Discretion that will

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.

The incident occurred in 2016 when a hacker gained access to

I don’t know how to say it any more clearly.  Somehow, medical and dental practices continue to get roped into responding to negative patient reviews on Yelp, Google, or elsewhere online, and posting any identifying information about a patient is a HIPAA violation. It’s protected health information (PHI), even if the patient posted something first.

On December 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Bulletin entitled ”Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates“ that addresses the responsibilities of HIPAA covered entities and business associates (“regulated entities”) when using online tracking technologies. Regulated entities need

On October 7, the U.S. Attorney’s Office for the District of New Jersey announced that a former physician pleaded guilty to conspiring to wrongfully disclose patients’ protected health information to a pharmaceutical sales representative. Frank Alario, who had had numerous offices in New Jersey, Manhattan and Florida, admitted to criminal HIPAA violations in connection with

On August 23, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Massachusetts-based New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (NEDLC), agreed to resolve alleged HIPAA violations for a fine of $300,640.

OCR commenced an investigation of NEDLC after the provider filed a breach report

In the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Ashley Algazi will discuss requirements and tips for success in conducting HIPAA breach assessments and making required disclosures. The program will:

• Review HIPAA breach definition
• Discuss the analysis and investigation process to determine whether a breach has occurred
• Review

Oklahoma State University’s Center for Health Services recently paid $875,000 to settle potential HIPAA violations after a cyberattack resulted in the unauthorized access of its patients’ protected health information. A hacker installed malware on the Center’s web server which contained electronic protected health information. More than 275,000 individuals were affected by the breach, which resulted