HHS

OCR Settles HIPAA Ransomware Cybersecurity Investigation for $25,000 with Comprehensive Neurology, PC

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reached a settlement with Comprehensive Neurology, PC—a small neurology practice based in New York—over potential violations of the HIPAA Security Rule. This action follows an OCR investigation into a ransomware attack that compromised patient data. OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which mandate how covered entities (such as health care providers, health plans, and clearinghouses) and their business associates must protect patients' protected health information (PHI). Specifically, the HIPAA Security Rule requires administrative, physical, and technical safeguards to ensure the confidentiality, integrity, [...]

HHS Settles with PIH Health Over HIPAA Violations Following Phishing Attack

Washington, D.C. – The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a $600,000 settlement with PIH Health, Inc., a California-based healthcare provider, following an investigation into potential HIPAA violations stemming from a phishing attack that compromised sensitive patient data. The breach, reported by PIH in January 2020, occurred in June 2019 when attackers infiltrated 45 employee email accounts, exposing the electronic protected health information (ePHI) of 189,763 individuals. The compromised data included:

- Names, addresses, and dates of birth
- Social Security and driver’s license numbers
- Medical diagnoses, lab results, and treatment details
- Insurance claims and financial information

OCR Findings: Key HIPAA Failures

OCR’s investigation revealed that PIH failed to: [...]

Guam Hospital Settles HIPAA Violation Case Following Cyberattacks

The U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), has announced a settlement with Guam Memorial Hospital Authority (GMHA) regarding potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. This action follows two complaints indicating unauthorized disclosure of patients' electronic protected health information (ePHI). GMHA is a public hospital located on the U.S. Territory of Guam. The HIPAA Privacy, Security, and Breach Notification Rules, enforced by OCR, mandate safeguards for the privacy and security of protected health information by covered entities (including health plans, clearinghouses, and most healthcare [...]

OCR resolves HIPAA Security Rule investigation with Northeast Radiology through a $350,000 settlement.

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Northeast Radiology, P.C. (NERAD), a medical imaging provider operating in New York and Connecticut, over potential violations of the HIPAA Security Rule. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules. These rules establish the requirements that covered entities—such as health plans, healthcare providers, and clearinghouses—and their business associates must follow to protect the privacy and security of protected health information (PHI). The HIPAA Security Rule, in particular, outlines national standards requiring administrative, physical, and technical safeguards to [...]

Health Fitness Corporation Settles HIPAA Security Rule Investigation with OCR for $227,816

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reached a settlement with Health Fitness Corporation (Health Fitness), an Illinois-based provider of wellness plans nationwide, over a potential HIPAA Security Rule violation. OCR is responsible for enforcing the HIPAA Privacy, Security, and Breach Notification Rules, which outline the obligations of covered entities—such as health plans, health care clearinghouses, and most health care providers—as well as business associates like Health Fitness. The HIPAA Security Rule establishes national standards for safeguarding electronic protected health information (ePHI) through administrative, physical, and technical measures that ensure its confidentiality, integrity, [...]

Warby Parker Faces $1.5 Million Civil Penalty for HIPAA Violations in Cybersecurity Breach Investigation

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has imposed a $1.5 million civil money penalty on Warby Parker, Inc., an eyewear manufacturer and online retailer, for violations of the HIPAA Security Rule. The penalty follows an investigation into a data breach caused by unauthorized access to customer accounts by third parties.

HIPAA Security Rule and Compliance Requirements

OCR enforces the HIPAA Privacy, Security, and Breach Notification Rules, which require health plans, health care providers, and business associates to safeguard protected health information (PHI). The HIPAA Security Rule sets national standards for protecting electronic PHI [...]

Oregon Health & Science University fined $200,000 for Failure to Provide Timely Access to Patient Records

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a $200,000 civil monetary penalty against Oregon Health & Science University (OHSU), a public academic health center and research university, for failing to comply with an individual’s right to timely access her medical records through a personal representative. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule’s "Right of Access" provisions, individuals or their personal representatives are entitled to timely access to their health information. Covered entities, such as health plans and most healthcare providers, must provide requested records within 30 [...]

HHS Office for Civil Rights Resolves HIPAA Ransomware Cybersecurity Case with $10,000 Settlement

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has announced a settlement with Northeast Surgical Group, P.C. (NESG), a Michigan-based provider of surgical services, for potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. OCR oversees the enforcement of the HIPAA Privacy, Security, and Breach Notification Rules, which are designed to protect the privacy and security of protected health information (PHI) by setting compliance standards for covered entities and business associates. The HIPAA Security Rule establishes national safeguards—administrative, physical, and technical—to ensure the confidentiality, integrity, and security of electronic PHI (ePHI). [...]

HHS OCR has fined Virtual Private Network Solutions, LLC, a HIPAA business associate, $90,000 for failing to comply with the requirements of the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced a $90,000 settlement with Virtual Private Network Solutions, LLC (VPN Solutions), a Virginia-based business associate that provides data hosting and cloud services to covered entities and other business associates. This settlement addresses potential violations of the HIPAA Security Rule, which sets national standards for safeguarding electronic protected health information (ePHI). The investigation stemmed from a ransomware attack on VPN Solutions' systems. OCR Director Melanie Fontes Rainer emphasized the importance of proactive security measures, stating, “An accurate and thorough risk analysis is foundational to both HIPAA [...]

Elgon Information Systems was fined $80,000 by the OCR for failing to conduct a risk analysis as required under the HIPAA Security Rule.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced today that Elgon Information Systems (Elgon), a Massachusetts-based company providing electronic medical record and billing support services to covered entities, has agreed to an $80,000 settlement for violations of the HIPAA Security Rule. OCR enforces HIPAA's Privacy, Security, and Breach Notification Rules, which outline the responsibilities of covered entities—such as health plans, healthcare clearinghouses, and healthcare providers—and their business associates in safeguarding protected health information (PHI). The HIPAA Security Rule establishes national standards to protect electronic PHI (ePHI) through administrative, physical, and technical safeguards. This settlement [...]
