Tag archives: OCR

OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline

On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of websites and applications governed by HIPAA (you can read about our analysis of the bulletin … Continue reading

OCR proposes to share HIPAA data breach settlements with victims

By on May 22, 2018 Posted in Data breach

Data Protection Report - Norton Rose Fulbright

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) plans to issue an advance notice of proposed rulemaking this November on potentially sharing HIPAA breach settlements with victims.… Continue reading

US HHS OCR issues cyber extortion newsletter

By Alexis Wilpon (US) on February 1, 2018 Posted in Regulatory response

This week, the US Department of Health and Human Services HHS Office for Civil Rights published a January 2018 newsletter focusing on cyber extortion.… Continue reading

FTC Enforcement Possible for Failing to Guard Against Ransomware

By on October 6, 2016 Posted in Compliance and risk management, Cybercrime, Regulatory response

Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may … Continue reading

HHS Update: Looking Toward Audits and Increased Enforcement

By Anna Rudawski (US) and Mark Faccenda (US) on September 8, 2016 Posted in Compliance and risk management, Regulatory response, Vendor management and transactions

The Department of Health and Human Services and its Office of Civil Rights (OCR) are capping off a very active 2016. In the last 6 months, the OCR has released a new audit protocol, announced new rounds of HIPAA audits, and stepped up enforcement. The flurry of activity comes after a prolonged period of anticipation in … Continue reading

Your Money or Your PHI: New Guidance on Ransomware

By Mark Faccenda (US) and Anna Rudawski (US) on July 14, 2016 Posted in Compliance and risk management, Data breach, Regulatory response

On June 12, 2016, the HHS Office of Civil Rights (OCR) released guidance, entitled “FACT SHEET: Ransomware and HIPAA,” in response to the rising number of ransomware attacks perpetrated against healthcare entities. The guidance addresses Health Insurance Portability and Accountability Act (HIPAA) issues that may arise when medical records containing Protected Health Information (PHI) are compromised … Continue reading

OCR Launches Phase 2 of the HIPAA Audit Program

By on March 22, 2016 Posted in Compliance and risk management, Regulatory response

The HHS Office for Civil Rights (OCR) announced on Monday that it has launched the long-awaited Phase 2 of its HIPAA Privacy, Security, and Breach Notification Audit Program.… Continue reading

OCR issues guidance on HIPAA Security Rule compliance and mobile health apps

By on March 6, 2016 Posted in Compliance and risk management, Regulatory response

Data Protection Report - digital privacy, CCPA and cybersecurity

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) recently published two guidance documents to aid organizations in complying with HIPAA.… Continue reading

New HIPAA compliance resource available to mobile health app developers

By on October 8, 2015 Posted in Compliance and risk management

As we reported on the Health Law Pulse blog, the HHS Office of Civil Rights (OCR) has unveiled a new resource to provide mobile health developers guidance on complying with applicable Health Information Portability and Accountability Act (HIPAA) requirements. The portal allows developers to submit questions and offer comments on existing OCR guidance regarding how mobile medical applications … Continue reading