Office for Civil Rights

Subscribe to Office for Civil Rights via RSS

The Department of Health and Human Services and the Federal Trade Commission have sent a joint letter to approximately 130 hospital systems and telehealth providers to emphasize the risks and concerns about the use of technologies, such as the Meta/Facebook pixel and Google Analytics, that can track a user’s online activities. We have summarized each

It is not the first time we have written about complaints, OCR settlements, and even jail time following snooping by hospital employees into patient records. For example, as COVID raged, an investigation showed that for approximately 10 months ending in February, 2021, an employee at a California state hospital improperly accessed approximately 2,000 individuals’ COVID-19

Unhappy consumers, including patients, are free to express dissatisfaction with services they receive from providers on popular social media or online review platforms, such as Yelp and Google. At least in the healthcare industry, providers must be very careful when responding, if they respond at all.

“OCR continues to receive complaints about health care

We have written several times about U.S. Department of Health and Human Services Office for Civil Rights’ “HIPAA Right of Access Initiative.” In its most recent enforcement action under the Initiative, the 44th such enforcement action, the OCR investigated a complaint made against a psychotherapist concerning the alleged refusal to provide medical records. Ultimately, and

Last month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a bulletin with guidance concerning the use of online tracking technologies by covered entities and business associates under the Health Insurance Portability and Accountability Act (HIPAA). The OCR Bulletin follows a significant uptick in litigation concerning these technologies

We have been quite busy this October, which happens to be National Cybersecurity Awareness Month. But, we did not want to let the month go by without some recognition; and we are grateful to the HHS Office for Civil Rights (OCR) for this always timely reminder for HIPAA covered entities and business associates – have

A $300,640 settlement announced yesterday by the Office for Civil Rights (OCR) provides important reminders about HIPAA Privacy Rule and data privacy practices generally: robust data disposal practices are critical and “protected health information” (PHI) is not limited to diagnosis or particularly sensitive information.

The OCR’s settlement involved a New England dermatology practice that reported

In response to the United States Supreme Court decision in Dobbs vs. Jackson Women’s Health Organization, President Joe Biden signed an Executive Order on Friday, July 8, 2022, designed to protect access to reproductive health care services. In addition to measures seeking to safeguard access to abortion and contraception, the Executive Order includes provisions

It can be cathartic responding to a negative online review. It can also backfire, as can failing to cooperate with an OCR investigation as required under HIPAA.

The Office for Civil Rights (OCR) recently announced four enforcement actions, one against a small dental practice that imposed a $50,000 civil monetary penalty under HIPAA. The OCR

When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply. This has certainly been the case during the COVID-19 pandemic. Of course, it is true that in most healthcare settings, HIPAA is