Health Law Gurus

Health Law: News, Commentary & Insights

Category Archives: Covered Entities

Time is of the Essence When Reporting a Breach of PHI

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security
The failure to timely report a breach of unsecured protected health information (PHI) has cost Presence Health (one of the largest health systems in Illinois) almost half of a million dollars. Earlier this month, Presence Health agreed to pay $475,000 and enter into a corrective action plan (CAP) with the Office for Civil Rights (OCR)… Continue Reading

Record-Breaking HIPAA Settlement Sends Strong Message to Covered Entities

Posted in Covered Entities, HIPAA, Privacy, Security
This month marked the largest HIPAA settlement to date for a single entity. Advocate Health Care Network (“Advocate”) agreed to pay $5.5 million and adopt a corrective action plan after an investigation by the Department of Health and Human Services’ Office for Civil Rights (“OCR”) revealed that Advocate’s widespread noncompliance with the requirements of HIPAA affected… Continue Reading

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

Posted in Business Associates, Covered Entities, Cybersecurity, HIPAA, Privacy, Security
One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand that authorized users pay a ransom in order to obtain the key to decrypt their data. Payment is generally required to… Continue Reading

Breach of ePHI Results in $2.7 Million Fine

Posted in Business Associates, Covered Entities, HIPAA, Security
Oregon Health & Science University (“OHSU”) has paid $2.7 million to the U.S. Department of Health and Human Services, Office for Civil Rights (“OCR”) to settle allegations that it violated the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). OHSU must also comply with a three-year corrective action plan. OCR began an investigation of… Continue Reading

Spring Showers Bring HIPAA Breaches

Posted in Business Associates, Covered Entities, HIPAA, Privacy, Security
OCR has announced several recent settlement agreements to resolve violations of the Health Insurance Portability and Accountability Act (“HIPAA”). These settlement amounts range from $25,000 to $3.9 million and illustrate a range of mistakes that health care providers make with respect to their HIPAA compliance. This post briefly summarizes OCR’s findings with respect to… Continue Reading

SOS Answered: New Guidance on HIPAA for App Developers

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA, Technology, Trends
Amidst criticism that the Health Insurance Portability and Accountability Act (“HIPAA”) lags behind technological innovation, the Office for Civil Rights (“OCR”) released new guidance to aid app developers in determining how HIPAA may apply to the products they are building and developing. OCR explained that the guidance is intended to “reduce some of the uncertainty… Continue Reading

Ask the Health Law Gurus™: What Is a Civil Monetary Penalty and How Is It Different from an OCR Settlement?

Posted in Ask the Health Law Gurus™, Business Associates, Covered Entities, HIPAA, Privacy, Security
The Health Law Gurus™ are here to help you stay current on issues and breaking news in health law. To help you stay up-to-date, we are excited to announce our new segment, “Ask the Health Law Gurus™.” Each month, we will select a reader’s question and answer it here, on the Health Law Gurus™ blog.… Continue Reading

Historic Moment: Husband Reports Wife’s HIPAA Violation Triggering Six Figure Penalty Against Employer

Posted in Covered Entities, HIPAA, Privacy, Security
For the second time in history, the Office for Civil Rights (“OCR”) has imposed a civil monetary penalty (“CMP”) against a covered entity for violations of the Health Insurance Portability and Accountability Act (“HIPAA”). Lincare, Inc., a provider of respiratory care, infusion therapy, and medical equipment to in-home patients, is required to pay a $239,800 CMP… Continue Reading

High Cost of HIPAA Violations Demonstrated in $3.5 Million Settlement

Posted in Business Associates, Covered Entities, HIPAA, HITECH, Privacy, Security
Triple-S Management Corporation (“Triple-S”), on behalf of its wholly-owned subsidiaries, Triple-S Salud, Inc., Triple-C, Inc., and Triple-S Advantage, Inc., has agreed to pay $3.5 million as part of a Resolution Agreement with the Department of Health and Human Services Office for Civil Rights (“OCR”) (“Resolution Agreement”). The Resolution Agreement settled all potential liabilities related to… Continue Reading

OCR Audits to Begin in 2016

Posted in Business Associates, Covered Entities, HIPAA, HITECH, Privacy, Security
Beginning in 2016, the United States Department of Health and Human Services’ Office for Civil Rights (OCR) will conduct another round of audits to gauge compliance with privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA). This announcement comes in the wake of criticism leveled against OCR for inconsistencies enforcing the HIPAA Rules.… Continue Reading

Physician Group Practice Pays $750,000 for Breach of Unsecured Electronic Protected Health Information on Electronic Device

Posted in Covered Entities, HIPAA, Privacy, Security
Cancer Care Group, P.C. (“CCG”), a radiation oncology physician group practice in Indiana, agreed to pay $750,000 for a breach of unsecured electronic protected health information (“ePHI”). CCG will also implement a corrective action plan. The breach occurred in 2012 when a CCG employee’s unattended laptop bag was stolen from a car. The laptop bag contained… Continue Reading

Hospital Pays $218,400 to OCR for HIPAA Violations

Posted in Compliance Issues, Covered Entities, HIPAA, Privacy, Security
St. Elizabeth’s Medical Center (“SEMC”), a tertiary care hospital in Brighton, Massachusetts, has agreed to pay $218,400 to the Office for Civil Rights (“OCR”) to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). SEMC will also implement a corrective action plan. The settlement stems from a 2012 complaint to… Continue Reading

Revised Guidance for Privacy and Security of Electronic Health Information Released by Government

Posted in Business Associates, Covered Entities, EHR, HIPAA, Privacy, Security
The Office of the National Coordinator for Health Information Technology (“ONC”) has released a revised Guide to Privacy and Security of Electronic Health Information (the “Guide”), which is intended to be a resource for small and medium-sized health care providers, health IT and other information technology professionals, and business associates regarding federal health information privacy… Continue Reading

Pharmacy Pays $125,000 for Failure to Properly Dispose of Paper Records

Posted in Compliance Issues, Covered Entities, HIPAA, Privacy, Security
Cornell Prescription Pharmacy (“CPP”), a Colorado single-location pharmacy, has agreed to pay $125,000 to the United States Department of Health and Human Services, Office for Civil Rights to settle alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). CPP will also adopt a two-year corrective action plan. The settlement is the… Continue Reading

News from the Health Law Gurus™: Week of January 11, 2015

Posted in Affordable Care Act (ACA), Business Associates, Covered Entities, HIPAA, Legislation, Privacy, Uncategorized
News from the Health Law Gurus™ is a weekly summary of notable health law news from around the country with helpful links to related content. Check back every week for the latest health law news stories. Top Five Resolutions for Covered Entities and Business Associates in 2015 – The New Year is here. It is… Continue Reading

TOP FIVE RESOLUTIONS FOR COVERED ENTITIES AND BUSINESS ASSOCIATES IN 2015

Posted in Business Associates, Compliance Issues, Covered Entities, HIPAA
The New Year is here. It is time to make those 2015 resolutions, and not just those for getting fit and healthy. Resolve now to improve your organization’s compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). HIPAA requires entities that create, receive, maintain, or transmit protected health information (“PHI”) to protect that… Continue Reading