HealtHITech Law HIPAA, HITECH and Beyond

Category Archives: Breach

Reminder: Report 2016 HIPAA Breaches By March 1, 2017

Posted in Breach

Covered entities which experienced a HIPAA breach in calendar year 2016 are required to report all such breaches affecting fewer than 500 individuals to OCR by Wednesday, March 1, 2017. The reports must be submitted via OCR’s online portal, available here. This yearly reporting obligation is in addition to the requirement to report large breaches — those…

Untimely Breach Notification Leads to Significant HIPAA Settlement

Posted in Breach, Enforcement

The U.S. Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently announced its first HIPAA settlement based on the untimely reporting of a breach of unsecured protected health information (“PHI”). Chicago-based Presence Health System (“Presence Health”) agreed to settle potential violations of the HIPAA Breach Notification Rule by paying $475,000.00 and implementing a…

HIPAA Breach Reports Trigger Investigations, Significant Settlements

Posted in Breach, Business Associate, Enforcement

The Office for Civil Rights (OCR) has announced two more significant HIPAA settlements involving covered entities. Both settlements were the result of investigations triggered by breach reports involving laptop thefts. And as is often the case, the investigations uncovered numerous HIPAA compliance issues above and beyond those which led to the breach. North Memorial Health Care…

Reminder: Deadline for Reporting 2015 HIPAA Breaches Fast Approaching

Posted in Breach

Covered entities which experienced a HIPAA breach in calendar year 2015 are required to report all such breaches affecting fewer than 500 individuals to OCR by Monday, February 29, 2016. The reports must be submitted via OCR’s online portal, available here. This yearly reporting obligation is in addition to the requirement to report large breaches — those…

OCR Enforcement Results In Three HIPAA Settlements

Posted in Breach, Enforcement, OCR Audits

Many thanks to our colleagues Jonathan Ishee and Shannon Majoras for authoring this post. Recently the Department of Health and Human Services Office for Civil Rights (OCR) announced three settlements to resolve investigations into potential violations of the Health Insurance Portability and Accountability Act (HIPAA). OCR reached settlements with two academic medical centers, the Lahey…

Largest HIPAA Settlement Announced by HHS

Posted in Breach, Enforcement

Many thanks once again to our colleague, Robin Canowitz, for authoring this post. In the largest HIPAA settlement yet to be announced, two New York organizations have agreed to pay $4.8 million to settle allegations that they failed to secure the electronic health information (ePHI) of thousands of their patients. New York Presbyterian Hospital (NYP) and…

Unencrypted Laptops Result In Significant HIPAA Fines

Posted in Breach, Enforcement

In April 2014, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) continued to emphasize the importance of encryption in maintaining the confidentiality and security of protected health information (“PHI”), especially in addressing and mitigating the significant risk to PHI posed by unencrypted laptops and other mobile devices. On April 22,…

Dermatology Practice Hit With $150,000 HIPAA Penalty

Posted in Breach, Enforcement

2013 ended like it started – with OCR actively monitoring and enforcing health care provider HIPAA compliance. On December 26, 2013, OCR imposed a $150,000 penalty and a corrective action plan upon a Massachusetts dermatology physician practice arising out of a self-reported HIPAA breach. See Resolution Agreement. In October 2011, Adult & Pediatric Dermatology, P.C. of…