On January 14, 2021, the United States Court of Appeals for the Fifth Circuit vacated a $4.3 million civil monetary penalty that the Office for Civil Rights (“OCR”) of the Department of Health and Human Services (“HHS”) imposed against the University of Texas M.D. Anderson Cancer Center (“M.D. Anderson”). OCR ordered the penalty in 2017 … Continue Reading
On January 5, 2021, an amendment to the Health Information Technology for Economic and Clinical Health (“HITECH”) Act was signed into law. The amendment requires the U.S. Department of Health and Human Services (“HHS”) to “consider certain recognized security practices of covered entities and business associates when making certain determinations” regarding fines, audit results, or … Continue Reading
On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”). The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes in the economy, technology, and … Continue Reading
At the beginning of August, the D.C. Circuit found that the fact that a data breach has occurred and individual consumer information has been lost may constitute sufficient injury to confer standing on those individual victims at the pleading stage–irrespective of whether any stolen information has been misused. Specifically, Attias, et al. v. CareFirst, Inc., … Continue Reading
The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) recently announced a significant settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), a business associate under HIPAA, arising from a breach of protected health information (PHI) after the theft of an employee’s iPhone. The iPhone … Continue Reading
Last week, the chairmen and ranking members of the Senate Committee on Health, Education, Labor, and Pensions and the Senate Committee on Finance sent a letter to Andy Slavitt, Acting Administrator for the Centers for Medicare & Medicaid Services (“CMS”), and Jocelyn Samuels, Director of the Health and Human Services (“HHS”) Office for Civil Rights … Continue Reading
On December 2, 2014, the Anchorage Community Mental Health Services (ACMHS) agreed to pay $150,000 under a settlement agreement with the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. ACMHS entered the settlement agreement … Continue Reading
In its Annual Report to Congress on Breaches of Unsecured Protective Health Information, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reports on both large and small breaches of protected health information (PHI), as well as breach-related settlement agreements and audits. The Office also recommends steps that covered entities should … Continue Reading
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently released two annual reports regarding compliance with the Health Insurance Portability and Accountability Act (HIPAA) and provisions enacted by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The reports indicate that HIPAA-related complaints continue to grow annually; however, … Continue Reading
