The Office for Civil Rights (OCR) has announced its fourth cybersecurity investigation and settlement, noting a 264% increase in significant ransomware breaches since 2018. A recent settlement with a medium-sized healthcare provider involved a $250,000 payment and commitments to enhance the security of Protected Health Information (PHI). This investigation and settlement underscore the critical need
What U.S. Healthcare Providers Trying to Leverage AI Can Learn from Australia Privacy Regulator’s Investigation into I-MED Radiology Network
Leveraging AI in healthcare requires vast amounts of data, but navigating privacy and data security laws is crucial. A recent investigation into Australia’s I-MED Radiology Network highlights concerns about using medical data for AI. This case offers valuable insights for U.S. providers, especially regarding compliance with HIPAA and other regulations.
New HIPAA Final Rule Imposes Added Protections for Reproductive Health Care Privacy
On April 22, 2024, the federal Department of Health and Human Services’ Office for Civil Rights (OCR) announced a final rule enhancing privacy protections relating to reproductive health care. Specifically, the final rule amends the Privacy Rule under the Health Insurance Portability and Accountability Act (HIPAA) to, among other things, establish new limits on the…
OCR Official Speaks About Compliance Concerns for HIPAA Covered Entities and Business Associates
What do ransomware, Yelp, and website tracking technologies all have in common? They are troubling areas of concern for HIPAA covered entities and business associates, according to one official from the federal Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules. Recently, the Executive Editor of Information Security Media Group’s (ISMG’s)…
Hospital Mergers Double the Risk of a Data Breach, Study Shows
The healthcare sector is a prime target for data breaches. According to a summary by the HIPAA Journal, 32% of all data breaches between 2015 and 2022 were in the healthcare sector, “almost double the number recorded in the financial and manufacturing sectors.” Industry analysts cite many reasons for this, including the sensitivity…
ChatGPT and HIPAA, Caution is Needed, Even ChatGPT Says So!
Recently, things may have sped up a little in your doctor’s office. The notes for your recent visit may have been organized and filed a little more quickly. You might have received assistance sooner than expected with a physician letter to your carrier concerning a claim. You also may have received copies of those medical…
HHS and FTC Send Joint Letter to 130 Hospital Systems, Telehealth Providers Re: Tracking Technologies
The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities.
Online Tracking Technologies Raise HIPAA Concerns

The growing use of healthcare mobile applications and websites—and the associated use of online tracking technologies—raises privacy concerns under the Health Insurance Portability and Accountability Act (HIPAA) that developers of such applications and healthcare organizations should keep in mind. Indeed, there has been an uptick in litigations filed across the country involving healthcare mobile application…
OCR Reminds Healthcare Providers and Their Business Associates – You Need an Incident Response Plan!
October is National Cybersecurity Awareness Month, and the HHS Office for Civil Rights (OCR) has provided a timely reminder for HIPAA covered entities and business associates to have a written incident response plan! To learn why another policy is needed, what an incident response plan needs to include, and the reporting obligations, read the…
Is your e-PHI Secure? ONC and OCR Update HIPAA Security Risk Assessment Tool
October 2018 marks the 15th annual National Cyber Security Awareness Month. In honor of this occasion, the Office of the National Coordinator for Health Information Technology (ONC) and the HHS Office for Civil Rights (OCR) have jointly launched an updated HIPAA Security Risk Assessment (SRA) Tool to help covered entities and business associates comply…