Search
On February 16, 2024, the HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published a final version of the cybersecurity resource guide (the “Guide”) with respect to the HIPAA Security Rule. As noted in the Guide’s abstract, “This publication provides...
On February 6, 2024, the HHS Office for Civil Rights (“OCR”) announced a settlement with Montefiore Medical Center (“MMC”) for alleged HIPAA Security Rule violations and MMC agreed to pay $4.75 million and enter into a two-year corrective action plan (“CAP”) with OCR. MMC admitted no wrongdoing...
In December 2023, the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) announced a $480,000 settlement with a Louisiana medical group following a phishing incident. In 2021, the medical group filed a breach report with HHS stating that a hacker – through a...