Blog

The HHS Office for Civil Rights resolves a HIPAA case with Memorial Healthcare System regarding patient access to medical records.

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Memorial Healthcare System, also known as South Broward Hospital District, a Florida-based health system, for a potential violation of the HIPAA Privacy Rule. The case stems from a complaint alleging that Memorial Healthcare System failed to provide timely access to an individual’s protected health information (PHI), as required by the HIPAA Right of Access provisions. These provisions mandate that individuals or their representatives must receive access to their health records promptly and at a reasonable cost. OCR’s investigation concluded that Memorial Healthcare [...]

HHS Office for Civil Rights Resolves HIPAA Phishing Cybersecurity Case with Solara Medical Supplies, LLC for $3,000,000

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a $3,000,000 settlement with Solara Medical Supplies, LLC (Solara), a provider and distributor of diabetes care products, following potential violations of the HIPAA Security Rule and Breach Notification Rule. This settlement resolves an investigation into a phishing attack that compromised the electronic protected health information (ePHI) of over 114,000 individuals. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, which mandate that covered entities and their business associates protect the privacy and security of protected health information (PHI). The HIPAA Security [...]

HHS Office for Civil Rights Resolves HIPAA Ransomware Cybersecurity Case with $10,000 Settlement

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Northeast Surgical Group, P.C. (NESG), a Michigan-based provider of surgical services, for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR oversees the enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, which are designed to protect the privacy and security of protected health information (PHI) by setting compliance standards for covered entities and business associates. The HIPAA Security Rule establishes national safeguards—administrative, physical, and technical—to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). [...]

HHS OCR has fined Virtual Private Network Solutions, LLC, a HIPAA business associate, $90,000 for failing to comply with the requirements of the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia-based business associate that provides data hosting and cloud services to covered entities and other business associates. This settlement addresses potential violations of the HIPAA Security Rule, which sets national standards for safeguarding electronic protected health information (ePHI). The investigation stemmed from a ransomware attack on VPN Solutions' systems. OCR Director Melanie Fontes Rainer emphasized the importance of proactive security measures, stating, “An accurate and thorough risk analysis is foundational to both HIPAA [...]

A HIPAA business associate has been fined $337,750 for failing to comply with the requirements of the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today a $337,750 settlement with USR Holdings, LLC (USR), a Florida-based business associate, for violations of the HIPAA Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which establish the requirements that covered entities and business associates must follow to safeguard protected health information (PHI). The HIPAA Security Rule mandates national standards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement follows an investigation into a breach where ePHI was deleted by an [...]

Elgon Information Systems was fined $80,000 by the OCR for failing to conduct a risk analysis as required under the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Elgon Information Systems (Elgon), a Massachusetts-based company providing electronic medical record and billing support services to covered entities, has agreed to an $80,000 settlement for violations of the HIPAA Security Rule. OCR enforces HIPAA's Privacy, Security, and Breach Notification Rules, which outline the responsibilities of covered entities—such as health plans, healthcare clearinghouses, and healthcare providers—and their business associates in safeguarding protected health information (PHI). The HIPAA Security Rule establishes national standards to protect electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement [...]

Navigating HIPAA Compliance: The Best Course for Non-IT Professionals

The following is one of the questions most frequently asked over the phone: I have been given additional responsibility for acting as a HIPAA compliance officer for my company. I am not an IT professional, so which course will be right for me, and why? Congratulations on your new role as a HIPAA Compliance Officer! As you embark on this critical responsibility, you must ensure you're well-prepared with the proper knowledge and training to help your organization comply with HIPAA regulations. The role of a HIPAA Compliance Officer involves overseeing the protection of Protected Health Information (PHI), managing security policies, conducting staff training, [...]

Health Care Clearinghouse, Inmediata Health Group, Fined $250,000 for HIPAA Impermissible Disclosure, HIPAA Security Rule failures

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Inmediata Health Group, LLC (Inmediata), a health care clearinghouse, over potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This follows a complaint to OCR that HIPAA-protected health information was accessible to search engines like Google on the internet. "Health care entities must ensure that patient health information is not left accessible online to anyone with an internet connection," said OCR Director Melanie Fontes Rainer. "Effective cybersecurity requires being proactive and vigilant in identifying risks and [...]

Children’s Hospital Colorado Fined $548,265 for HIPAA Privacy and Security Rules Violations by OCR

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a civil monetary penalty of $548,265 against Children’s Hospital Colorado for violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. These violations were reported in breach reports received in 2017 and 2020, relating to email phishing and cyberattacks. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, which outline the requirements that covered entities (such as health plans, health care clearinghouses, and most health care providers), and business associates must follow to protect the [...]

HIPAA Security Rule Violations Penalty of $1.19 Million Imposed by OCR on Gulf Coast Pain Consultants

Today, the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) announced a $1.19 million civil monetary penalty against Gulf Coast Pain Consultants, LLC, operating as Clearway Pain Solutions Institute in Florida. This penalty comes in response to violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule following a breach report indicating that a former contractor had improperly accessed their electronic records system. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which outline the requirements that health plans, healthcare clearinghouses, most healthcare providers, and their business associates must [...]
