OCR Announces that the Phase 2 HIPAA Audit Program Has Already Started

The HHS Office for Civil Rights (OCR) just announced that its Phase 2 HIPAA audit program has started and that covered entities and business associates are already being contacted. You can find this announcement here. OCR has begun sending emails to verify contact information for various covered entities and business associates and determine which entities […]

SAMHSA Submits Proposed Changes to 42 C.F.R. Part 2

Alcoholism, substance abuse and chemical dependency treatment providers should be aware that the Substance Abuse and Mental Health Services Administration (“SAMHSA”) has promulgated proposed changes to regulations regarding the privacy and confidentiality of what are now called “substance use disorder” treatment records.  Those privacy regulations, which are located at 42 C.F.R. Part 2, are well […]

Disclosure Of Student Mental Health Records: Teachable Moment From Oregon

This month’s column in the Albany County Bar Association Newsletter reviews the situation that unfolded earlier this year at the University of Oregon.  The university, which had been put on notice of a tort claim by a student in connection with an alleged sexual assault,  controversially obtained the treatment records of the same student from an on-campus […]

HIPAA Violation Settlement for Failure to Establish Breach Notification Policies and Procedures

A Massachusetts dermatology practice, APDerm, has agree to make a $150,000 payment and enter into a corrective action plan with the U.S. Department of Health and Human Services’ Office for Civil Rights in order to settle potential violations of HIPAA Privacy, Security, and Breach Notification Rules.  According to HHS, this is the first settlement entered […]

WellPoint Pays $1.7 Million to Resolve Alleged HIPAA Violations

The managed care company WellPoint Inc. has reached a Resolution Agreement with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) to settle allegations that it violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules. WellPoint agreed to pay $1.7 million in connection with this settlement. […]