All Posts


Any Port in a Storm? OCR Seeks Comments on HIPAA “Safe Harbor” for Recognized Security Practices

Earlier this month, HHS’s Office for Civil Rights (OCR) issued a Request for Information (RFI) seeking comments on a statutory provision adopted last year…

Read Post

Ignore Evolving Security Threats at Your Own Risk: OCR Raises Stakes on Cybersecurity in the Health Care Sector

OCR’s recent focus on cybersecurity in the health care sector sends a clear message to HIPAA covered entities and business associates: OCR expects you to…

Read Post

HIPAA for the Holidays: How OCR’s December HIPAA Notice of Proposed Rulemaking Could Impact Covered Entities

In case privacy lawyers did not have enough to keep up with over the holiday season (as we’ve mentioned, there’s already plenty to keep up…

Read Post

Some Restrictions Apply: Limits and Risks of OCR’s COVID-19 Notifications of HIPAA Enforcement Discretion

To help combat the ongoing COVID-19 pandemic, the Department of Health and Human Services (DHHS) and its Office for Civil Rights (OCR) has recently issued…

Read Post

Dissecting OCR HIPAA Penalties: Why small breaches continue to drive big settlements and penalties

It is unsurprising that big data breaches lead to big costs (we see you Facebook). You would be forgiven, then, for assuming…

Read Post