Days after my recent blog post on the HIPAA Right of Access, the OCR released details of their first enforcement action for violation of the Right of Access. The complaint, received in August 2018, involved a mother who waited over 9 months to receive prenatal records from Bayfront Health in St. Petersburg. She requested the […]
Category: OCR
Posts about OCR by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
The Failure of HIPAA’s Right of Access
One of the biggest sore spots in HIPAA compliance has been providing individuals with their right to access their medical records. In addition to the countless anecdotal accounts about the painful process of getting medical records, a recent study demonstrated just how far there is to go for providers to be in compliance. More than […]
HIPAA Enforcement 2018
Last year was a record-setting year for HIPAA enforcement. On HHS’s website, OCR has touted its 2018 enforcement: OCR has concluded an all-time record year in HIPAA enforcement activity. In 2018, OCR settled 10 cases and secured one judgment, together totaling $28.7 million. This total surpassed the previous record of $23.5 million from 2016 by […]
HIPAA Enforcement: Employee Access and BAAs Matter
Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. OCR found that the company failed to deactivate a former employee’s access to a web-based calendar that contained the protected health information […]
Vendor Management Matters: HIPAA Enforcement for $500K for Lack of a Business Associate Agreement
Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. OCR found that the company shared protected health information (PHI) with an unknown vendor without a business associate agreement (BAA). According to […]
HIPAA Enforcement Case – Allergy Associates
Allergy Associates of Hartford has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) for an alleged violation of HIPAA. The incident occurred in February 2015. A patient reached out to a local TV station about a dispute with a doctor at Allergy Associates. […]
HIPAA Whiteboard and HIPAA Interactive Whiteboard
Recently, I created two new HIPAA training resources. HIPAA Whiteboard I created a 1-page visual summary of HIPAA, which I call the HIPAA Whiteboard. The idea was to summarize HIPAA in a concise and visually-engaging way. You can download a PDF handout version here. We’ve been licensing it to many organizations for training and awareness purposes. […]
HIPAA Enforcement Case – Filefax
This week the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced an agreement to settle HIPAA violations with Filefax, located in Northbrook, Illinois. One aspect was different than their usual settlement process in that Filefax closed the business down during the OCR investigation and was no longer operating when […]
HIPAA Enforcement 2017: Another Big Year for HIPAA Enforcement
At the end of 2017, the OCR logged just under $20 million in fines for HIPAA violations from 10 enforcement actions with monetary penalties. In 2016, the total in penalties was roughly the same amount but from 15 organizations. Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from […]
Why Is HIPAA Data Breach Enforcement Increasing? An Insurer’s View from Katherine Keefe
Recently, HIPAA enforcement over data breaches is increasing – a lot. This year has seen some of the largest monetary penalties. Why is this happening? I had the chance to interview Katherine Keefe, who leads the Beazley Breach Response (BBR) Services Group. I am particularly interested in the insurer’s perspective, so I interviewed Katherine.