OIG Report on HIPAA Breach Notification Recommends Improved Follow-Up of Small Breaches

In addition to the recent report on the Office for Civil Rights’ (OCR) oversight of the HIPAA Privacy Rule, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) also issued a report titled “OCR Should Strengthen Its Follow-up of Breaches of Protected Health Information Reported by Covered Entities.” Among its findings in the report, the OIG noted that OCR was investigating all “large” breaches reported pursuant to the Breach Notification Rule, but was not…

Study on Aftermath of Data Breaches Provides Helpful Insight for HIPAA Breach Notification

A recently published study, “The Aftermath of a Mega Data Breach: Consumer Sentiment,” was performed by the Ponemon Institute and sponsored by Experian Data Breach Resolution. The purpose of the study was to explore consumer sentiments following a data breach. While the report did not focus exclusively on HIPAA Breach Notification, the findings of this study are useful for HIPAA covered entities responding to a HIPAA breach. Consumers reported that 15% of the breach notifications that they received were…

OCR Annual Report to Congress on HIPAA Breaches: Theft, Loss and Unauthorized Access to PHI Continue to Be Concerns

The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently submitted its annual HIPAA breach notification report to Congress, as required by the HITECH Act, for years 2011 and 2012. The report discussed both large HIPAA breaches (involving greater than 500 people, which must be reported to OCR within 60 days) and smaller HIPAA breaches (involving fewer than 500 people, which must be reported to OCR annually). The report showed that the greatest number…

OCR Announces HIPAA Settlements Related to Theft of Unencrypted Laptops: 4 Important Lessons to Take Away

Two HIPAA settlements were announced April 22, 2014 by the Department of Health and Human Services Office for Civil Rights (OCR). The settlements for alleged violations of the HIPAA Privacy and Security Rules for Concentra Health Services and QCA Health Plan of Arkansas collectively totaled $1,975,220. According to the OCR press release, the review of Concentra Health Services resulted from a breach report involving the theft of an unencrypted laptop from the company’s Springfield, Missouri Physical Therapy Center. OCR stated…