Blog - HIPAA Training

Warby Parker Faces $1.5 Million Civil Penalty for HIPAA Violations in Cybersecurity Breach Investigation

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $1.5 million civil money penalty on Warby Parker, Inc., an eyewear manufacturer and online retailer, for violations of the HIPAA Security Rule. The penalty follows an investigation into a data breach caused by unauthorized access to customer accounts by third parties. HIPAA Security Rule and Compliance Requirements OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which require health plans, health care providers, and business associates to safeguard protected health information (PHI). The HIPAA Security Rule sets national standards for protecting electronic PHI [...]

Warby Parker Faces $1.5 Million Civil Penalty for HIPAA Violations in Cybersecurity Breach InvestigationNuLLFiX

Oregon Health & Science University fined $200,000 for Failure to Provide Timely Access to Patient Records

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a $200,000 civil monetary penalty against Oregon Health & Science University (OHSU), a public academic health center and research university, for failing to comply with an individual’s right to timely access her medical records through a personal representative. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule’s "Right of Access" provisions, individuals or their personal representatives are entitled to timely access to their health information. Covered entities, such as health plans and most healthcare providers, must provide requested records within 30 [...]

Oregon Health & Science University fined $200,000 for Failure to Provide Timely Access to Patient RecordsNuLLFiX

Step by Step Guide to Find the Medical Courier Job

Finding a medical courier job involves several steps, including researching opportunities, meeting qualifications, and applying for positions. Here’s a step-by-step guide to help you get started: Understand the Role of a Medical Courier Medical couriers transport medical items such as lab samples, medications, medical equipment, lab chemicals, gas cylinders and documents between healthcare facilities, labs, pharmacies, and patients. The job may require driving, handling sensitive materials, and adhering to strict delivery schedules and safety protocols. Meet the Basic Requirements for a Medical Delivery Driver Valid Driver’s License: A clean driving record is often required. Reliable Vehicle: Some companies require you to [...]

Step by Step Guide to Find the Medical Courier JobNuLLFiX

The HHS Office for Civil Rights resolves a HIPAA case with Memorial Healthcare System regarding patient access to medical records.

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Memorial Healthcare System, also known as South Broward Hospital District, a Florida-based health system, for a potential violation of the HIPAA Privacy Rule. The case stems from a complaint alleging that Memorial Healthcare System failed to provide timely access to an individual’s protected health information (PHI), as required by the HIPAA Right of Access provisions. These provisions mandate that individuals or their representatives must receive access to their health records promptly and at a reasonable cost. OCR’s investigation concluded that Memorial Healthcare [...]

The HHS Office for Civil Rights resolves a HIPAA case with Memorial Healthcare System regarding patient access to medical records.NuLLFiX

HHS Office for Civil Rights Resolves HIPAA Phishing Cybersecurity Case with Solara Medical Supplies, LLC for $3,000,000

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a $3,000,000 settlement with Solara Medical Supplies, LLC (Solara), a provider and distributor of diabetes care products, following potential violations of the HIPAA Security Rule and Breach Notification Rule. This settlement resolves an investigation into a phishing attack that compromised the electronic protected health information (ePHI) of over 114,000 individuals. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, which mandate that covered entities and their business associates protect the privacy and security of protected health information (PHI). The HIPAA Security [...]

HHS Office for Civil Rights Resolves HIPAA Phishing Cybersecurity Case with Solara Medical Supplies, LLC for $3,000,000NuLLFiX

HHS Office for Civil Rights Resolves HIPAA Ransomware Cybersecurity Case with $10,000 Settlement

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Northeast Surgical Group, P.C. (NESG), a Michigan-based provider of surgical services, for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR oversees the enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, which are designed to protect the privacy and security of protected health information (PHI) by setting compliance standards for covered entities and business associates. The HIPAA Security Rule establishes national safeguards—administrative, physical, and technical—to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). [...]

HHS Office for Civil Rights Resolves HIPAA Ransomware Cybersecurity Case with $10,000 SettlementNuLLFiX

HHS OCR has fined Virtual Private Network Solutions, LLC, a HIPAA business associate, $90,000 for failing to comply with the requirements of the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia-based business associate that provides data hosting and cloud services to covered entities and other business associates. This settlement addresses potential violations of the HIPAA Security Rule, which sets national standards for safeguarding electronic protected health information (ePHI). The investigation stemmed from a ransomware attack on VPN Solutions' systems. OCR Director Melanie Fontes Rainer emphasized the importance of proactive security measures, stating, “An accurate and thorough risk analysis is foundational to both HIPAA [...]

HHS OCR has fined Virtual Private Network Solutions, LLC, a HIPAA business associate, $90,000 for failing to comply with the requirements of the HIPAA Security Rule.NuLLFiX

A HIPAA business associate has been fined $337,750 for failing to comply with the requirements of the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today a $337,750 settlement with USR Holdings, LLC (USR), a Florida-based business associate, for violations of the HIPAA Security Rule. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which establish the requirements that covered entities and business associates must follow to safeguard protected health information (PHI). The HIPAA Security Rule mandates national standards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement follows an investigation into a breach where ePHI was deleted by an [...]

A HIPAA business associate has been fined $337,750 for failing to comply with the requirements of the HIPAA Security Rule.NuLLFiX

Elgon Information Systems was fined $80,000 by the OCR for failing to conduct a risk analysis as required under the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Elgon Information Systems (Elgon), a Massachusetts-based company providing electronic medical record and billing support services to covered entities, has agreed to an $80,000 settlement for violations of the HIPAA Security Rule. OCR enforces HIPAA's Privacy, Security, and Breach Notification Rules, which outline the responsibilities of covered entities—such as health plans, healthcare clearinghouses, and healthcare providers—and their business associates in safeguarding protected health information (PHI). The HIPAA Security Rule establishes national standards to protect electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement [...]

Elgon Information Systems was fined $80,000 by the OCR for failing to conduct a risk analysis as required under the HIPAA Security Rule.NuLLFiX

Navigating HIPAA Compliance: The Best Course for Non-IT Professionals

Following is one of the frequently asked questions over the phone: I have been given additional responsibility for acting as a HIPAA compliance officer for my company. I am not an IT professional, so which course will be right for me, and why? Congratulations on your new role as a HIPAA Compliance Officer! As you embark on this critical responsibility, you must ensure you're well-prepared with the proper knowledge and training to help your organization comply with HIPAA regulations. The role of a HIPAA Compliance Officer involves overseeing the protection of Protected Health Information (PHI), managing security policies, conducting staff training, [...]

Navigating HIPAA Compliance: The Best Course for Non-IT ProfessionalsNuLLFiX