Multitude of OCR Settlements Serve As Warning on Hacks, Record Requests

Academic medical centers and research institutions that treat patients don’t just have to worry about policies imposed by NIH or regulations by funding agencies. They also must watch the enforcement actions by the HHS Office for Civil Rights related to their standing as HIPAA covered entities (CEs). And in recent weeks, OCR has been very busy.

In September and early October, OCR issued three settlements in quick succession against organizations for allegedly ignoring warning signs of hackers and seven for allegedly failing to provide patients or parents access to medical records in a timely manner.

Although the payments in the settlements spanned the gamut from $3,500 in the smallest access case to $6.85 million in the largest data breach case, the message from OCR was clear: failure to follow HIPAA rules involving security and patient medical records access may result in an OCR enforcement action.

This document is only available to subscribers. Please log in or purchase access.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field