Articles and Blogs

On October 15, 2018, the Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced that it had reached a record $16 million settlement with Anthem arising out of alleged violations of the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The settlement comes... READ MORE

The Department of Health and Human Services Office for Civil Rights (“OCR”) fined three separate hospitals a cumulative total of $999,000 to settle potential violations of HIPAA arising from allowing film crews on premises to film a reality television show without first obtaining patient authorizations. The OCR Resolution Agreement can be found here. Generally, a... READ MORE

Under the Breach Notification Rule, HIPAA covered entities are required to submit reports of certain breaches of unsecured protected health information (“PHI”) affecting fewer than 500 individuals to the Office for Civil Rights (“OCR”) on an annual basis. Covered entities must submit their breaches electronically through OCR’s breach notification web page, which can be... READ MORE

On August 4, the Office for Civil Rights (“OCR”) announced a $5.55 million settlement with the largest fully integrated health care system in Illinois. The settlement is the largest HIPAA settlement ever by a single entity and follows two recent settlements with university health systems in Oregon and Mississippi that were $2.7 million and... READ MORE

The Office for Civil Rights (“OCR”), Department of Health and Human Services (“HHS”), emailed notices to 167 covered entities on July 11, 2016 informing them they were selected for a HIPAA Phase II audit. Health care providers, health plans and health care clearinghouses were randomly selected by OCR from the audit pool. If your organization... READ MORE

On April 21, 2016, the Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $2.2 million settlement with a New York hospital (“Hospital”) stemming from unauthorized patient filming by ABC’s NY Med television show. In what OCR called an egregious disclosure of protected health information (“PHI”) in violation of... READ MORE

On April 19, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) reached a settlement in the amount of $755,000 with a North Carolina orthopedic clinic (“Clinic”) for failing to execute a business associate agreement with a third-party vendor. This is OCR’s second settlement this year related to business... READ MORE

On January 7, 2016, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) released new guidance clarifying an individual’s right to access his or her medical record under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On February 25, 2016, OCR released additional guidance explaining the permissible reasonable cost-based... READ MORE

Starting at the beginning of 2016, the Equal Employment Opportunity Commission (“EEOC”) has changed its procedures when it comes to employer position statements submitted in response to charges of discrimination. Now, the EEOC will release complete employer position statements and attachments to any charging party and their attorney who request release. In the past, the... READ MORE

For years, companies in the United States have relied on a Safe Harbor to the EU Directives (the stringent privacy requirements imposed by the European Union) to qualify for the ability to transfer protected data between EU countries and the United States. Today, however, the European Court of Justice ruled that the agreement between... READ MORE