In its first enforcement action of 2021, on January 12th, the United States Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) announced it settled with Banner Health its fourteenth enforcement action as part of its HIPAA Right of Access Initiative (the “Initiative”). OCR announced the Initiative in 2019 to ensure individuals can easily and timely access their health information at a reasonable cost under the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Rule. In 2020, OCR announced eleven settlements as part of the Initiative including most recently against a primary care provider. The Initiative has resulted in settlements with all sizes of providers.
The legislation directs HHS to take into account a covered entity’s or business associate’s use of industry-standard security practices within the course of 12 months, when investigating and undertaking HIPAA enforcement actions, or other regulatory purposes.
OCR has settled its thirteenth enforcement action under the HIPAA Right of Access Initiative, which involved a primary care physician practicing in the State of Georgia. The physician must pay a Resolution Amount of $36,000.00 and implement a two year Corrective Action Plan following the OCR’s second investigation.
HHS has proposed several important changes to the HIPAA Privacy Rule to bring it in line with HHS’s Sprint Toward Coordinated Care initiative. These proposed changes are not yet final. Comments on the proposed rules are due within 60 days of their publication in the Federal Register. Reducing the time that covered entities have to […]
The proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or […]
According to the U.S. Department of Health & Human Services’ Breach Portal, sometimes called the “Wall of Shame,” 418 breaches of HIPAA were reported in 2019. Some 34.9 million Americans had their protected health information (PHI) compromised. How is this still happening? Healthcare companies and practices make the biggest mistake by believing human behavior can […]
Riverside Psychiatric Medical Group (“RPMG”) has agreed to take corrective actions and pay $25,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. RPMG, based in Riverside, California, is a group practice specializing in child and adolescent psychiatry, geriatric psychiatry, neuropsychiatry, psychology, and substance use disorders. OCR received a complaint […]
My wife works as an Administrative Assistant at a local private school. As you might expect, they take very seriously their responsibility to help stop the spread of COVID-19 in the community. As part of their efforts, they require students who were in direct contact with persons diagnosed with COVID-19 to quarantine at home, away […]
Regulatory bodies continue to impose severe penalties on covered entities who fail to protect patient data from unauthorized disclosure. Community Health Systems, Inc. recently settled claims with HHS Office of Civil rights resulting from a 2014 data breach that exposed personal information of approximately 6.1 million patients for $2.3 million. But settlement with the federal […]
Since 2019, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) has been prioritizing enforcement actions against covered entities that do not allow patients timely access to their health records at a reasonable cost as required by HIPAA. This month, OCR settled an eighth investigation for $160,000 and […]