OCR issues HIPAA Advisory on Covid-19 for First Responders and Dispatchers

The Office of Civil Rights (OCR) responsible for enforcement of HIPAA has issued an advisory on how HIPAA may apply to EMS and first-responders and interactions with health departments, covered entities, and dispatch.  The advisory does not change the basic rules of exchange of PHI for Treatment, Payment,  Operations, and as required by Law but … Read more

HIPAA Privacy and Novel Coronavirus

In light of the Novel Coronavirus (2019-nCoV) outbreak, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is providing this bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways that patient information may be shared under the HIPAA Privacy Rule in … Read more

Federal Court Nullifies CMS Charge Rules For Non-Patient Request For Records.

January 28, 2020 Important Notice Regarding Individuals’ Right of Access to Health Records On January 25, 2013, HHS published a final rule entitled “Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act, and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules.” … Read more

Florida Provider Pays $85,000 For Delays In Providing Records In Requested Format And Over-Charging For Copies

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services is announcing its second enforcement action and settlement under its HIPAA1 Right of Access Initiative. OCR announced this initiative earlier this year promising to vigorously enforce the rights of patients to get access to their medical records promptly, without being … Read more

OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach

In an agreement with the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS), Sentara Hospitals (Sentara) have agreed to take corrective actions and pay $2.175 million to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Breach Notification and Privacy Rules.  Sentara is comprised of … Read more

Failure to Encrypt Mobile Devices Results in $3 Million HIPAA Fine

The University of Rochester Medical Center (URMC) has agreed to pay $3 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), and take substantial corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. URMC includes healthcare … Read more

Decoding OCR Messages on HIPAA Fines

With big fines being announced right along with supposed lowering of HIPAA fines, what kind of take-away should healthcare providers be receiving from these seemingly contradictory trends? On the high fines side, OCR announced the following: Touchstone Medical Imaging (“Touchstone”) has agreed to pay $3,000,000 to the Office for Civil Rights (OCR) at the U.S. … Read more

EmCare data breach compromises 60,000 employee and patient files

Florida-based EmCare has announced that an estimated 60,000 files were compromised by a hack of several employee emails.  Phishing emails are the source of a large share of patient data breaches in reported HIPAA breaches. The breach reportedly included demographic and clinical data for patients, contractors, and employees.   Social security number and driver’s licenses were … Read more