The U.S. Department of Health and Human Services Office for Civil Rights (OCR) announced last week that it entered into a Resolution Agreement with a Florida medical center (“Medical Center”) following allegations that the Medical Center failed to respond to a patient’s request for medical records in a timely fashion and in violation of the patient’s right to access such records under HIPAA. While the $85,000 settlement amount is relatively small in comparison to the…

The Department of Health and Human Services Office for Civil Rights (OCR) has shown once again that it is willing to enforce HIPAA against business associates, as seen in a recent settlement. The settlement highlights the importance of thorough risk analysis conducted by business associates and covered entities, as required by the HIPAA Security Rule, and serves as an indication that OCR remains ready to exercise its authority to enforce HIPAA’s requirements for business associates.…

Despite the announcement made last week by the Department of Health and Human Services Office for Civil Rights (OCR) about certain reduced penalty caps under the Health Insurance Portability and Accountability Act (HIPAA), OCR has shown in this week’s settlement that it still plans to vigorously enforce HIPAA. New Maximum Annual Penalty Caps On April 30, 2019, OCR announced in a Notification of Enforcement Discretion new annual penalty caps for identical violations of a requirement…

A private practice (Practice) comprising three physicians has agreed to pay the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) $125,000 to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA). While the fine is small compared with OCR’s October announcement of the $16 million settlement with Anthem, it confirms OCR’s ongoing commitment to enforcing HIPAA compliance, regardless of an organization’s size or the number of impacted…

After a relatively quiet start to 2018, the Office for Civil Rights within the U.S. Department of Health and Human Services (OCR) has had an incredibly busy week, with the announcement of a blockbuster settlement, an updated security risk assessment tool, and new priorities for the agency. Anthem Settlement In a record-breaking settlement, Anthem, one of the nation’s largest health benefits companies, has agreed to pay OCR $16 million and take substantial corrective actions to…

Recently, the attorneys general of eleven states and the District of Columbia filed suit to challenge the Department of Labor’s (DOL) new association health plan (AHP) regulations (the “AG Litigation”). Although it is unclear at this time whether the AG Litigation will be successful in invalidating the regulations, it creates a potential impediment for a key aspect of the Trump administration’s effort to change the health insurance marketplace. The AHP Regulations An AHP is a…

Last week, the Departments of Treasury, Labor, and Health and Human Services (the “Departments”) issued final regulations to redefine the meaning of “short-term, limited duration insurance” (“short-term insurance”). The controversial regulations are likely to expand the use of this limited form of health insurance among consumers who do not receive coverage through their employers. Background The Affordable Care Act (“ACA”) imposes strict requirements on most individual health insurance coverage. Short-term insurance is exempt from most…