Articles and Blogs

PHI

Failure to Properly Assess Breach Risk Results in $2.175 Million Fine to Affiliated Covered Entity

[12/03/19]

Posted on December 3, 2019 in Health Information Technology

Published by: Hall Render

On November 27, 2019, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that an Affiliated Covered Entity made up of 10 hospital covered entities (“ACE Organization”) will pay a penalty of $2.175 million and enter into a two-year Corrective Action Plan (“CAP”) to settle potential violations of the Health... READ MORE

Tags: , , , , , ,

Failure to Encrypt Hardware Results in $3 Million Fine

[11/07/19]

Posted on November 7, 2019 in Health Information Technology

Published by: Hall Render

On November 5, 2019, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that a New York Medical Center (“Medical Center”) will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) by paying a civil penalty of $3 million and entering into a Corrective Action... READ MORE

Tags: , , , , , ,

Deficient Risk Analyses, Stolen Records and Disclosure of NFL Player’s PHI Leads to $2.15 Million Penalty

[10/25/19]

Posted on October 25, 2019 in Health Information Technology

Published by: Hall Render

On October 23, 2019, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a civil monetary penalty (“CMP”) of $2,154,000 against a nonprofit academic health system (“Health System”) for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Notice of Proposed Determination and the Notice of... READ MORE

Tags: , , , , ,

AMCA Breach of PHI and PII

[06/07/19]

Posted on June 7, 2019 in Health Information Technology

Published by: Hall Render

American Medical Collection Agency (“AMCA”), a collection agency that works primarily with health care companies, recently announced a breach of protected health information (“PHI”) and personally identifiable information (“PII”) affecting over 19.6 million patients. Quest Diagnostics and LabCorp, both clients of AMCA, have reported that their patients have been impacted by the incident. AMCA... READ MORE

Tags: , , , , ,

Ten Types of Enforcement Actions OCR May Take Directly Against Business Associates

[06/04/19]

Posted on June 4, 2019 in Health Information Technology

Published by: Hall Render

The Office for Civil Rights (“OCR”) issued a factsheet detailing ten ways a business associate can be held directly liable for violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as provided by the Health Information Technology for Economic Clinical Health (“HITECH”) Act of 2009. Although covered entities are ultimately responsible... READ MORE

Tags: , , , ,

Repeated Breaches of ePHI Result in a $3 Million Fine, Capping Off OCR’s “Record Year” of 2018 Enforcement Actions

[02/19/19]

Posted on February 19, 2019 in Health Information Technology

Published by: Hall Render

The Office for Civil Rights (“OCR”) announced that a health system in California (the “System”) was required to pay a $3 million fine and adopt an extensive corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The System operates several hospitals, including a rehabilitation hospital... READ MORE

Tags: , , , , , , ,

OCR Announces Fine for Lack of BAA and Failure to Terminate Former Employee’s Access to PHI

[12/14/18]

Posted on December 14, 2018 in Health Law News

Published by: Hall Render

On December 11, 2018, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced that a critical access hospital in Colorado (the “Hospital”) will settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) by paying a civil penalty of $111,400 and adopting a corrective action... READ MORE

Tags: , , , , ,

Business Associate’s Data Breach Leads to $500,000 Fine for Hospitalist Group

[12/10/18]

Posted on December 10, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced on December 4, 2018 that a hospitalist group (“Group”) that works with hospitals and nursing homes to provide internal medicine physicians has agreed to pay $500,000 and adopt a corrective action plan to settle alleged violations of the Health Insurance... READ MORE

Tags: , , , ,

Disclosing PHI to a Reporter Leads to $125,000 HIPAA Settlement

[11/29/18]

Posted on November 29, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”), announced that a small professional association with three doctors and four locations (the “Practice”) has agreed to pay $125,000 and adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The... READ MORE

Tags: , , , ,

Hospitals Fined for Allowing Documentary Film Crews to Film Patients Without Consent

[09/24/18]

Posted on September 24, 2018 in Health Information Technology

Published by: Hall Render

The Department of Health and Human Services Office for Civil Rights (“OCR”) fined three separate hospitals a cumulative total of $999,000 to settle potential violations of HIPAA arising from allowing film crews on premises to film a reality television show without first obtaining patient authorizations. The OCR Resolution Agreement can be found here. Generally, a... READ MORE

Tags: , , , ,