The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently announced that Manasa Health Center in Kendall Park, New Jersey entered into a Resolution Agreement and Corrective Action Plan to resolve a HIPAA Privacy Rule violation. The psychiatric practice, owned by Dr. Nidagalle Gowda, inexplicably disclosed four patients’ protected health information
HIPAA
PA Therapist Fined for HIPAA Right of Access Violation
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on May 8 that David Mente, a Pittsburgh psychotherapist, has paid $15,000 to settle a violation of the HIPAA Privacy Rule. OCR has been pursuing its so-called Right of Access Initiative since 2019, as previously discussed here.
Incredibly, some healthcare…
PHE HIPAA Enforcement Discretion to Expire, Restoring Compliance Obligations
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on April 11 that the Notifications of Enforcement Discretion issued under HIPAA and the HITECH Act during the federal COVID-19 public health emergency (PHE) will expire when the PHE ends on May 11.
The four Notifications of Enforcement Discretion that will…
Arizona Hospital Pays $1.25 Million in HIPAA Settlement After Cyber Attack
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced on February 2 that Banner Health, a not-for-profit hospital system based in Arizona, has paid $1.25 million in order to settle alleged HIPAA violations in connection with a cyber attack.
The incident occurred in 2016 when a hacker gained access to…
Don’t Post Patient Info on Social Media!
I don’t know how to say it any more clearly. Somehow, medical and dental practices continue to get roped into responding to negative patient reviews on Yelp, Google, or elsewhere online, and posting any identifying information about a patient is a HIPAA violation. It’s protected health information (PHI), even if the patient posted something first.
OCR Issues Warning Bulletin on Website and App Tracking Technologies
On December 1, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a Bulletin entitled ”Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates“ that addresses the responsibilities of HIPAA covered entities and business associates (“regulated entities”) when using online tracking technologies. Regulated entities need…
Former Hospital Employees and Kingpin Indicted for HIPAA Violations
The U.S. Department of Justice announced on November 10 that five former employees of Methodist Hospital, based in Memphis, Tennessee, were indicted by a federal grand jury for allegedly selling the names and telephone numbers of hospital patients who were involved in automobile accidents. Roderick Harvey paid them for the information and then sold it…
Former NJ Doc Pleads Guilty to HIPAA Violations
On October 7, the U.S. Attorney’s Office for the District of New Jersey announced that a former physician pleaded guilty to conspiring to wrongfully disclose patients’ protected health information to a pharmaceutical sales representative. Frank Alario, who had had numerous offices in New Jersey, Manhattan and Florida, admitted to criminal HIPAA violations in connection with…
Dermatology Practice Settles Alleged HIPAA Violations
On August 23, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced that Massachusetts-based New England Dermatology, P.C., d/b/a New England Dermatology and Laser Center (NEDLC), agreed to resolve alleged HIPAA violations for a fine of $300,640.
OCR commenced an investigation of NEDLC after the provider filed a breach report…
Conducting HIPAA Breach Assessments and Disclosures: Requirements and Tips for Success
In the next installment of Rivkin Radler’s Healthcare Compliance Lunch & Learn series, Ashley Algazi will discuss requirements and tips for success in conducting HIPAA breach assessments and making required disclosures. The program will:
• Review HIPAA breach definition
• Discuss the analysis and investigation process to determine whether a breach has occurred
• Review…