PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

2017 HIPAA Enforcement

Art E.V.Pavlov_by_Repin

  The first quarter of 2017 is not yet over and the OCR has already released details of four HIPAA enforcement penalties totaling over $11 million.  2016 set a record with $20 million in fines for the year, with $5.2 million of that coming in the first quarter.  In just the first 2 months of […]

Lessons from 2016, the Biggest HIPAA Enforcement Year on Record

HIPAA Enforcement

Time to call the Guinness Book of World Records because HHS has set a new world record in HIPAA enforcement.  2016 saw a considerable increase in HIPAA enforcement resolution agreements and monetary penalties.  At the end of 2016, the OCR logged over $20 million in fines for HIPAA violations from 15 enforcement actions with monetary […]

Is a Ransomware Attack a HIPAA Data Breach?

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

Lessons from the Latest HIPAA Enforcement Action

HIPAA Training OCR Enforcement

by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC).  SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]

The Health Data Breach and ID Theft Epidemic

By Daniel J. Solove When you go to the hospital, you might worry about catching a staph infection or pneumonia, but you should also worry about contracting a nasty case of medical identity theft. Most people suffer significant harm from medical ID theft, and few are completely cured. This ailment is spreading dramatically as data […]

The Most Alarming Fact of the HIPAA Audits

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #5 of a series called Enforcing Privacy and Security Laws. Under the Health Insurance Portability and Accountability Act (HIPAA), various organizations can be randomly selected to be audited – even if no complaint has been issued against them and […]

The Brave New World of HIPAA Enforcement

by Daniel J. Solove Are privacy and security laws being enforced effectively? This post is post #4 of a series called Enforcing Privacy and Security Laws. The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from […]

6 Lessons from the Costliest HIPAA Settlement to Date

by Daniel J. Solove The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here […]