OCR Announces $650,000 HIPAA Settlement Related to Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI

On June 30, 2016, Department of Health and Human Services’ Office for Civil Rights announced a $650,000 settlement and corrective action plan with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS). The press release indicates that CHCS was a business associate of six skilled nursing facilities for which it provided management and information technology services. CHCS experienced a breach when a CHCS-issued employee iPhone was stolen. The press release indicates that the iPhone, which was unencrypted and not… Read More >

Recent 3.9 Million HIPAA Settlement Over Improper Disclosure of Research Participant PHI Highlights Need for HIPAA Compliance

On March 17, 2016, the Department of Health and Human Services Office for Civil Rights (OCR) announced a $3.9 million settlement with Feinstein Institute for Medical Research for potential violations of the HIPAA Security Rules. OCR began an investigation after Feinstein filed a breach report indicating that a laptop computer containing electronic protected health information (ePHI) of approximately 13,000 patients and research participants was stolen from an employee’s car. The ePHI at issue included research participant names, dates of birth,… Read More >

3 Helpful Lists in ONC HIPAA Guide to Privacy and Security

In April 2015, the Office of the National Coordinator for Health Information Technology released a Guide to Privacy and Security of Electronic Health Information (“the Guide”) available on healthit.gov.  The Guide is particularly aimed at helping health care providers who are HIPAA Covered Entities and are participating in the EHR Meaningful Use program. While much of the information in the Guide is available in other locations, such as regulatory text or FAQs on the OCR’s HIPAA website, the Guide appears… Read More >

County Governments Deal with HIPAA Breaches Impacting Thousands

Two county governments are dealing with the consequences of HIPAA Security breaches affecting thousands of individuals.  Skagit County, Washington and Los Angeles County, California both recently experienced HIPAA Security breaches resulting in penalties, breach notification expenses and unwanted negative publicity. In a recent press release, the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) announced that Skagit County, Washington agreed to settle several potential HIPAA violations involving public access to electronic protected health information (ePHI). OCR… Read More >