Mateusz Krempa, COO, Piwik PRO. As healthcare providers increasingly embrace big data, they find themselves at a crossroads: the challenge of using relevant data to improve patient care while ensuring the highest levels of privacy and compliance with regulations like the Health Insurance Portability and Accountability Act (HIPAA).
In 2024, the Department of Health and Human Services (HHS) Office for Civil Rights announced a series of enforcement actions against entities that violated, or potentially violated, one or more HIPAA rules. This HIPAA 2024 Year in Review article discusses these actions. Monitor and safeguard its health information systems activity.
Under HIPAA compliance, healthcare organizations must ensure that all communications, including fax, are secure and meet stringent standards. By modernizing these systems with cloud-based solutions, healthcare organizations can find a balance between HIPAA compliance and operational efficiency.
The Department of Health and Human Services’ Office for Civil Rights (OCR) has publicly released two reports that were submitted to Congress that provide insights into data breaches, HIPAA enforcement activity, and the state of HIPAA Privacy and Security Rule compliance for calendar year 2021.
These technologies can act as privacy enhancing techniques (PET) to ensure privacy and compliance with regulations like HIPAA and GDPR. Devices must primarily comply with Regulations (EU) 2017/745 on Medical Devices and 2017/746 on In Vitro Diagnostic Medical Devices. The regulatory landscape in the U.S.
OCR launched a HIPAA investigation after receiving a breach report on January 5, 2018, in response to the hacking of an OSU-CHS web server. HIPAA-covered entities are vulnerable to cyber-attackers if they fail to understand where ePHI is stored in their information systems,” said OCR Director Lisa J. 164.502(a).
The HHS’ Office for Civil Rights (OCR) has published a report it sent to Congress that details its HIPAA enforcement activities in 2021, which provides insights into the state of compliance with the HIPAA Privacy, Security, and Breach Notification Rules.
Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has confirmed that the long-awaited third phase of its HIPAA compliance audits is underway and will involve HIPAA compliance audits of 50 covered entities and business associates. There was a 306% increase in complaints between 2010 and 2023.
A recent poll of webinar attendees found that barely one-third may be HIPAA compliant, based upon responses to a single question. Conducting an annual Security Risk Analysis is one of the foundational requirements of HIPAA compliance. Look at the statistics of HIPAA violations and fines. Compliancy Group can help!
The Department of Health and Human Services’ Office for Civil Rights (OCR) has announced its first financial penalties of 2022 to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA). Dental Practitioner Fined $30,000 for Noncompliance with the HIPAA Right of Access. Dr. Donald Brockley D.D.M,
As 2023 unfolds, the urgency for entities in the healthcare sector to initiate or reinforce their HIPAA compliance cannot be overstated. Prove Your Due Diligence The decision to postpone setting up comprehensive policies, procedures, and HIPAA training could be detrimental.
Penalties for HIPAA violations can be issued by the Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general. In addition to financial penalties, covered entities are required to adopt a corrective action plan to bring policies and procedures up to the standards demanded by HIPAA.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has agreed to settle potential HIPAA violations with the HIPAA business associate, iHealth Solutions, LLC, for $75,000. The HIPAA enforcement action shows that even relatively small data breaches can be investigated by OCR and result in a financial penalty.
The Department of Health and Human Services’ Office for Civil Rights is the main enforcer of HIPAA compliance; however, state Attorneys General also play a role in enforcing compliance with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). in 2011 that was settled for $100,000.
Five former Methodist Hospital employees have pleaded guilty to criminal violations of HIPAA for accessing and disclosing the information of patients to a third party for financial gain. The former employees were terminated for the HIPAA violations, and along with Harvey, were indicted by a federal grand jury in November 2022.
All HIPAA covered entities must familiarize themselves with the HIPAA breach notification requirements and develop a breach response plan that can be implemented as soon as a breach of unsecured protected health information (PHI) is discovered. Summary of the HIPAA Breach Notification Rule.
The following is a guest article by Dotty Bollinger, JD, Healthcare Compliance Consultant, Compliancy Group. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached a settlement with Doctors’ Management Services after the healthcare vendor succumbed to a ransomware attack. 21CO) faced a $2.3
Considering the Health Insurance Portability and Accountability Act (HIPAA) is now in its third decade, the Privacy Rule took effect 20 years ago, and compliance with the HIPAA Security Rule has been mandatory for 18 years, there have been relatively few financial penalties over the years, with just 130 imposed by OCR to resolve HIPAA violations.
A 2016 hacking incident that hit Oklahoma State University’s Center for Health Sciences has led to an $875,000 HIPAA breach fine settlement to address potential violations. Background of Oklahoma State University HIPAA Breach. The university announced the HIPAA breach on January 5, 2018. failure to perform an evaluation .
Department of Health and Human Services (HHS) has restructured its Office for Civil Rights (OCR) and has created new divisions that will help improve the enforcement of HIPAA and civil rights laws and clear the current backlog of complaints and investigations. Approximately 80% of all reported data breaches are due to hacking.
The settlements pursued by the Department of Health and Human Services’ Office for Civil Rights (OCR) are for egregious violations of HIPAA Rules. Settlements are also pursued to highlight common HIPAA violations to raise awareness of the need to comply with specific aspects of HIPAA Rules. Are Data Breaches HIPAA Violations?
Because patient data cannot be shared under HIPAA, consumer data mining practices – which are generally criticized for lacking transparency – have long elicited medical privacy concerns. ON THE RECORD.
The majority of HIPAA-covered entities, business associates, and healthcare employees take great care to ensure HIPAA Rules are followed, but what happens when there is accidental HIPAA. How Should Employees Report an Accidental HIPAA Violation? How Should Covered Entities Respond to an Accidental HIPAA Violation?
In early December of 2024, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced it has issued a $548,625 civil monetary penalty (CMP) against Children's Hospital Colorado (CHC), for the latter's HIPAA compliance trip-ups: violations of the HIPAA Privacy and Security Rules.
The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. This page is regularly updated to reflect the latest healthcare data breach statistics.
Washington Attorney General Bob Ferguson is suing a plastic surgery provider for falsely inflating online ratings, bribing, and threatening patients, and alleges the actions of the practice violated the Health Insurance Portability and Accountability Act (HIPAA) Rules. The lawsuit was filed in the U.S.
The HHS’ Office for Civil Rights (OCR) has announced a settlement has been reached with a Californian dental practice to resolve multiple HIPAA violations that were identified during investigations of a complaint about impermissible disclosures of protected health information on the review platform Yelp.
Beyond the health care sector-specific Medical Devices Regulation (EU) 2017/745 (MDR) and the In Vitro Diagnostic Medical Devices Regulation (EU) 2017/746 (IVDR), this mix of AI & Data related regulatory requirements stems from a series of generalized, cross-sectoral EU laws of the last 5 years. Sectoral US Laws In the U.S.,
The rule took effect in 2009, yet compliance has not been enforced. Since January 2017 more than 55 million consumers have used the GoodRx website and mobile app. GoodRx also misrepresented HIPAA compliance by displaying a seal on its telehealth services homepage falsely claiming it was in compliance with the HIPAA Rules.
The HHS’ Office for Civil Rights has announced its 44th enforcement action under its HIPAA Right of Access initiative with a $15,000 financial penalty for David Mente, MA, LPC, a licensed counselor that provides psychotherapy services in Pittsburgh, PA. The HIPAA Right of Access allows individuals to obtain a copy of their health information.
A study conducted by Bai, Jiang, and Flasher in 2017 found the risk of data breaches was higher at large academic medical centers than at other hospitals. The post On-the-spot Email Interventions Reduce Repeat Medical Record Snooping Incidents by 95% appeared first on HIPAA Journal.
The HITECH Act requires the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) to conduct periodic audits of HIPAA covered entity and business associate compliance with the HIPAA Privacy, Security, and Breach Notification Rules. The scope of the program was relatively small.
The Office for Civil Rights (OCR) audits you hoped were a thing of the past—having been discontinued since 2017—are returning. All covered entities will be subject to these HIPAA audits, and they are due to start any day now. What does that mean for you as a compliance officer?
If you’re a Covered Entity or someone who is affected by HIPAA laws and regulations, you know as well as anyone that a data breach can have serious repercussions on your organization. The medical center reported the breach in January of 2018, stating that it occurred in November 2017, when it was about a year before that.
A Seattle, WA, plastic surgery practice has been ordered to pay a financial penalty of $5 million to the Office of the Washington Attorney General to resolve alleged violations of the Health Insurance Portability and Accountability Act (HIPAA), Washington Consumer Protection Act (CPA), and the federal Consumer Review Fairness Act (CRFA).
The latest fine under the HIPAA Right of Access Initiative was issued to a sole practitioner mental health service provider. In December 2017, a personal representative (father) filed a complaint against David Mente, MA, LPC, after Mente failed to provide him with the medical records of his three minor children. Find Out More!
As the chart shows, healthcare security breaches are occurring twice as often as in 2017/2018, with two large healthcare data breaches reported each day on average in 2023. To meet the breach reporting requirements of the HIPAA Breach Notification Rule, OCR must be notified within 60 days of the discovery of a data breach.
In 2017, data breaches were being reported at a rate of one per day. HIPAA-Regulated Entities Affected by Data Breaches. HIPAA-regulated entities in 22 states reported data breaches in September. HIPAA Enforcement Activity in September. While the number of reported data breaches increased by 28.6% Hardy, D.D.S.,
HIPAA requires healthcare organizations to report security incidents to the Office for Civil Rights (OCR). HIPAA defines a security incident as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.” We can help!
Ben Herzberg, Chief Scientist of Satori. The latest report from the Office of Civil Rights (OCR) reveals a concerning trend: HIPAA violations and data breaches are drastically increasing. Yet, the healthcare sector still struggles in safeguarding this data and staying compliant with HIPAA amid the growing threat of cyber attacks and breaches.
Even when you do the best you can to comply with HIPAA regulations, violations and breaches may occur. What happens after a HIPAA complaint is filed? Common Violation Examples – What Happens After a HIPAA Complaint is Filed? Safeguards.
In February 2023, the HHS Office for Civil Rights released two reports to Congress, one of which discusses HIPAA complaints (HIPAA Privacy, Security, and Breach Notification Rule Compliance) and the other discussing healthcare breaches (Breaches of Unsecured Protected Health Information). Close What Happened to HIPAA Audits?
Does a HIPAA compliant password manager even exist? We will look at what the HIPAA regulations say about passwords, what to consider when comparing your options, and give a brief overview of a few of the better-known applications on the market. What Does the Law Say About a HIPAA Compliant Password Manager. Learn More!
The HIPAA Security Rule requires covered entities and business associates to complete a HIPAA Security Risk Analysis, and to periodically update it. When investigating a breach, the OCR also reviews the organization’s compliance with the HIPAA Security Rule. What’s your HIPAA breach risk tolerance?