Tag:

OCR

Dear Colleague: Collegiate Compliance with Changing Evidentiary Standards of Sexual Misconduct

In a world where sexual assault occurrences on college campuses are becoming more readily recognized and reported, one of the many arising issues is how to appropriately respond to the allegations. Facing college disciplinary boards is one of the principal battlegrounds. With cases of sexual assault often lacking enough evidence for police action, many have demanded that colleges take responsibility for their students’ safety. However, in a situation where it is already “he said, she said,” what is the appropriate evidentiary standard for reprimand?

When Selfies Go Wrong

On September 25th, a former Okaloosa County, Florida paramedic, Christopher Wimmer, was sentenced to six months jail time and three years’ probation for taking “selfies” with incapacitated victims in ambulances last year and sending them to a co-worker. He and his co-worker, Kaylee Renee Dubois, were engaged in a “selfie war” with each other and snapped images and videos of patients in ambulances who were unconscious, sedated, intoxicated, or incapacitated. In total, 101 photos, 64 videos, and 41 patients were photographed or recorded during the so-called war, and a mere three patients consented to photographs being taken of them. Employees’ missteps with the privacy rights of patients have a negative lasting effect on their employer, their own career, and their patients.

Cybersecurity Breaches Increasing in Healthcare Organizations

According to data from HHS’ Office of Civil Rights (OCR), healthcare data breaches in 2017 are set to outpace those from 2016. Security experts have determined this increase is due to two factors: getting entry into a system has become easier, and organizations are now more inclined to report breaches. Yet despite the increase in data breaches and the costs of settling with HHS OCR, a majority of healthcare organizations are still only spending 1-6% of their budgets on cybersecurity measures.

OCR Audits Subject To Phishing Hack

Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018   Back in November, the Department of Human Services (HHS) Office of Civil Rights (OCR) released an alert stating that a phishing scam masquerading as an OCR Audit had been spotted being sent out to Health Information Portability and Accountability Act (HIPAA) covered …
Read more

When Policies and Procedures Are Just Not Enough: Memorial Healthcare System Settlement

Alexander Thompson Associate Editor Loyola University Chicago School of Law, JD 2018   On February 16, 2017, the HHS Office of Civil Rights Acting Director, Robinsue Frohboese, announced the second largest HIPAA settlement fine ever. At $5.50 million, Memorial Healthcare System’s fine was just behind the $5.55 million given to Advocate Healthcare in 2016. Memorial …
Read more

Joint Guidance Confirms the Sharing of Health Information Subject to FTC Regulations, Not Only HIPAA

Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M. in Health Law 2017   On October 22, 2016, the Federal Trade Commission (“FTC”) in collaboration and conjunction with the Department of Health and Human Services’ Office for Civil Rights (“OCR”) released new guidance on key privacy and security considerations for organizations handling health …
Read more

Advocate Settles with OCR for $5.55 Million, Officially the Highest Single HIPAA Violation Settlement to Date

Fannie Fang Executive Editor Loyola University Chicago School of Law, JD 2017   The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently agreed to a settlement with Advocate Health Care Network (Advocate), the largest health systems in the Chicago area. In the settlement, Advocate agreed to pay a sum of …
Read more

HIPAA Vulnerabilities Highlighted in Oregon Health & Science University Settlement

Logan Parker Privacy Editor Loyola University Chicago School of Law, LL.M in Health Law 2017   In 2013, Oregon Health & Science University (“OHSU”), Oregon’s only academic health center, reported numerous breaches of unsecured electronic protected health information (“ePHI”), including two breaches within the span of five months. This led to the Office of Civil …
Read more

OCR To Devote Greater Resources To HIPAA Breaches Affecting Fewer Than 500 Individuals

Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018   The Office of Civil Rights (OCR) announced in August that they would be focusing more efforts on investigating breaches of Protected Health Information (PHI) affecting fewer than 500 individuals.  Currently, regional offices investigate all breaches affecting more than 500 individuals, but only …
Read more