Data Law Insights

Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Tag Archives: OCR

New OCR Settlement Targets Safety Net Provider on Security Rule Deficiencies

Posted in Cybersecurity / Data Security, Information Management
On Wednesday, the U.S. Department of Health and Human Services, Office for Civil Rights announced a $400,000 settlement with Metro Community Provider Network arising from MCPN’s alleged failure to implement adequate security management processes to safeguard electronic protected health information in accordance with the Health Insurance Portability and Accountability Act Security Rule. This settlement followed… Continue Reading

Join us for an ABA Webinar on Evolving HIPAA Issues: Cloud, Mobile Apps, Access, and More

Posted in Cloud Computing, Health IT
Please join Crowell & Moring’s Jodi Daniel and Elliot Golding on January 31, 2017 for an ABA webinar called Evolving HIPAA Issues: Cloud, Mobile Apps, Access, and More This in-person panel discussion (with simultaneous webinar broadcast) will provide perspectives from the HHS Office for Civil Rights (OCR), the former director of the HHS Office of… Continue Reading

OCR Announces Major HIPAA Enforcement Initiative

Posted in Cybersecurity / Data Security, Data Breach, Health IT
The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes,… Continue Reading

OCR Announces Phase 2 of HIPAA Audits

Posted in Data Breach, Government Agencies
The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) has finally announced it is starting Phase 2 of its audit program.  OCR previously conducted a pilot audit of 115 Covered Entities in 2011-2012 to assess controls and processes.  Building on that experience, OCR will target approximately 200 Covered Entities and Business… Continue Reading

OCR Announces $1.5M Settlement

Posted in Data Breach
OCR just announced another huge settlement.  The $1.5 million settlement with North Memorial Health Care is based on the alleged failure to enter into a business associate agreement and alleged failure to conduct a risk analysis.  The investigation started (as many OCR settlements often do) after OCR received a breach report regarding a stolen laptop… Continue Reading

OCR Announces Third HIPAA Settlement in Three Weeks

Posted in Cybersecurity / Data Security, Data Breach
On Monday, the HHS Office of Civil Rights (OCR) released its third resolution and settlement agreement in as many weeks.  The $750,000 settlement with the University of Washington Medicine (“UWM”) is yet another citing the alleged failure to conduct an enterprise-wide risk analysis as required by the HIPAA Security Rule.  As part of the settlement,… Continue Reading

HHS-OCR Announces First Settlement Involving Medical Device Security Issues

Posted in Data Breach
The day before Thanksgiving, the HHS Office of Civil Rights (OCR) announced its first settlement involving a reported data breach implicating security of medical devices used in the hospital setting. OCR’s $850,000 settlement and resolution agreement with Lahey Hospital and Medical Center (LHMC) stem from the theft of a laptop workstation used to operate and… Continue Reading