Tag Archives: OCR

The Pixel Problem Part 2: Tracking Technologies and OCR’s Revised Guidance

In December 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) released “guidance” on the use of tracking technologies, which took an overboard approach to the use of basic website analytics tools (2022 Guidance).  Courts criticized OCR’s 2022 Guidance, and last fall, the American Hospital Association sued OCR, alleging agency overreach. […]

The Pixel Problem: Tracking Technologies and OCR’s Guidance

In June 2022, several media outlets broke a story about hospitals using a website technology that caused patient data to be sent to Facebook known as Meta Pixel.  Specifically, the investigation found that 33% of the top 100 hospitals tracked user activity tied to scheduling appointments and, because the hospitals used Meta Pixel technology on […]

OCR Strikes Again: Another HIPAA Right of Access Settlement

On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year.  Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]

OCR’s Focus on Dentists Continue: Dentist Pays for Responding to On-Line Reviews

No one likes receiving negative reviews on Yelp.  But healthcare providers need to exercise better restraint than a dentist who will pay $23,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle claims that his responsive posts violated HIPAA. OCR received a complaint that New Vision Dental (NVD) continuously […]

OCR Issues Guidance on Audio-Only Telehealth

Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance on HIPAA requirements as they relate to audio-only telehealth.  Importantly, for the first time, OCR provides insights on its position on the difference between landline and VoIP telecommunication services.  OCR’s guidance applies now and after its telehealth enforcement discretion is […]

A Year in Review: HIPAA Enforcement Action Resolutions in 2021

Here it is!  My annual summary of HIPAA enforcement action resolutions.  I know you all have been eagerly awaiting its arrival.  No plot twists or surprises this year – the enforcement themes are much the same as those in 2020.  As I explain below, Right of Access was again the star. 

Telehealth, Privacy, and the Three Little Pigs: A Year and a Half Later

In my July 23, 2020 blog post, I used the familiar characters in the beloved fable The Three Little Pigs to illustrate the importance of building a secure and compliant telehealth delivery system. I explained that, despite the Office for Civil Rights’ (OCR) announcement of enforcement discretion during the public health emergency (PHE), healthcare providers should establish HIPAA-compliant telehealth delivery systems before enforcement discretion ended. Because the PHE may soon be over, that message bears repeating.

OCR Announces HIPAA Enforcement Discretion for Make-Shift COVID-19 Testing Sites

In line with its other Notices of Enforcement Discretion, OCR announced today that it will not enforce HIPAA rules against healthcare providers and their business associates for HIPAA violations that occur during the good faith operation of a community-based COVID-19 specimen collection and testing site, such as a mobile, drive-through or walk-up site.

OCR Issues FAQs on Relaxed HIPAA Enforcement for Telehealth

Late Friday, the Office for Civil Rights (OCR) issued FAQs on telehealth and HIPAA as a follow up to DHHS’ announcement that OCR would use “enforcement discretion” for HIPAA non-compliance related to the good faith roll out of telehealth services during the COVID-19 emergency. The FAQs provide useful information about the types of applications that can be used for telehealth as well as examples of bad faith conduct.