HIPAA Violations & Fines
Keeping you informed and prepared
BST & Co. CPAs, LLP fined $175K for Ransomware Breach
OCR Issues 15th Ransomware Enforcement Action and 10th Enforcement Action in Risk Analysis Initiative
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with BST & Co. CPAs, LLP (“BST”), a New...
Syracuse ASC fined $250K for Ransomware
A Costly Reminder of HIPAA’s Ransomware Readiness Requirements. The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Syracuse ASC, LLC, doing business as Specialty Surgery Center of Central New York, for...
Deer Oaks – The Behavioral Health Solution fined $225K
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) has the authority to investigate complaints and conduct compliance reviews involving potential violations of the HIPAA Privacy, Security, and Breach Notification Rules by covered entities and...
Comstar, a Business Associate fined $75K for Ransomware Attack
The Office for Civil Rights (OCR) has the authority to conduct compliance reviews and investigations of complaints alleging violations of the Privacy, Security, and Breach Notification Rules (the "HIPAA Rules") by covered entities and business associates. Comstar, LLC ("Comstar") meets...
BayCare Health System fined $800K for Impermissible Access Exploited by a Malicious Insider
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with BayCare Health System, a Florida-based healthcare provider, for potential violations of the HIPAA Security Rule. The case stemmed from a complaint alleging...
Vision Upright MRI fined $25K
OCR Settlement with Vision Upright MRI: The Risk of Unsecured PACS Servers
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a settlement with Vision Upright MRI LLC (VUM) after finding that the...
Change Healthcare Cyberattack
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued a “Dear Colleague” letter about the Change Healthcare cyberattack. OCR also opened an official investigation. The attack affects Change Healthcare, a unit of UnitedHealthcare Group (UHG),...
Montefiore Medical Center fined $4.75M for Malicious Insider
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $4.75 million settlement with Montefiore Medical Center, a New York City hospital system. The settlement resolves multiple potential HIPAA Security Rule violations. OCR enforces...
Patient Right of Access delays cost Optum Medical Care $160K
Optum Medical Care (formerly known as Riverside Medical Group and Riverside Pediatric Group) is a large multi-specialty physician group serving patients throughout New Jersey and Southern Connecticut. Optum has agreed to pay $160,000 and implement a Corrective Action Plan (CAP)...
Green Ridge Behavioral Health is Second Ransomware Settlement
The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Green Ridge Behavioral Health, LLC, a Maryland psychiatric practice. The case involved a ransomware attack that compromised the protected health information of...
