Tag Archives: OCR

OCR Strikes Again: Another HIPAA Right of Access Settlement

On December 15, 2022, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced its 17th HIPAA Right of Access settlement of the year.  Overall, OCR has settled or assessed a penalty in a Right of Access enforcement matter 42 times since it began its Right of Access enforcement initiative in 2019. […]

OCR’s Focus on Dentists Continue: Dentist Pays for Responding to On-Line Reviews

No one likes receiving negative reviews on Yelp.  But healthcare providers need to exercise better restraint than a dentist who will pay $23,000 to the Department of Health and Human Services’ Office for Civil Rights (OCR) to settle claims that his responsive posts violated HIPAA. OCR received a complaint that New Vision Dental (NVD) continuously […]

OCR Issues Guidance on Audio-Only Telehealth

Today, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance on HIPAA requirements as they relate to audio-only telehealth.  Importantly, for the first time, OCR provides insights on its position on the difference between landline and VoIP telecommunication services.  OCR’s guidance applies now and after its telehealth enforcement discretion is […]

A Year in Review: HIPAA Enforcement Action Resolutions in 2021

Here it is!  My annual summary of HIPAA enforcement action resolutions.  I know you all have been eagerly awaiting its arrival.  No plot twists or surprises this year – the enforcement themes are much the same as those in 2020.  As I explain below, Right of Access was again the star. 

Telehealth, Privacy, and the Three Little Pigs: A Year and a Half Later

In my July 23, 2020 blog post, I used the familiar characters in the beloved fable The Three Little Pigs to illustrate the importance of building a secure and compliant telehealth delivery system. I explained that, despite the Office for Civil Rights’ (OCR) announcement of enforcement discretion during the public health emergency (PHE), healthcare providers should establish HIPAA-compliant telehealth delivery systems before enforcement discretion ended. Because the PHE may soon be over, that message bears repeating.

OCR Announces HIPAA Enforcement Discretion for Make-Shift COVID-19 Testing Sites

In line with its other Notices of Enforcement Discretion, OCR announced today that it will not enforce HIPAA rules against healthcare providers and their business associates for HIPAA violations that occur during the good faith operation of a community-based COVID-19 specimen collection and testing site, such as a mobile, drive-through or walk-up site.

OCR Issues FAQs on Relaxed HIPAA Enforcement for Telehealth

Late Friday, the Office for Civil Rights (OCR) issued FAQs on telehealth and HIPAA as a follow up to DHHS’ announcement that OCR would use “enforcement discretion” for HIPAA non-compliance related to the good faith roll out of telehealth services during the COVID-19 emergency. The FAQs provide useful information about the types of applications that can be used for telehealth as well as examples of bad faith conduct.