Prior to the holiday, the OCR settled its thirteenth enforcement action under the HIPAA Right of Access Initiative, which involved a primary care physician practicing in the State of Georgia. Dr. Peter Wrobel, M.D., P.C., operating under the fictitious name of Elite Primary Care, became subject to an OCR investigation (twice) for his alleged violations
Privacy & Security
The OCR Remains Increasingly Active under the HIPAA Right of Access Initiative
The Department of Health and Human Services (“HHS”) Office of Civil Rights (“OCR”) recently settled four more investigations under the HIPAA Right of Access Initiative, which totals 11 settlements thus far. In September, the OCR released a press release detailing its settlement of five additional actions under the HIPAA Right of Access Initiative. In…
Which Privacy Protections Apply? HIPAA, FERPA and COVID-19
A recent conversation with a colleague in California prompted me to write this. He said that as part of its back-to-school plan, his children’s elementary school district “highly encouraged” that all students be tested for COVID-19 before returning to class. The district provided families with an in-home saliva test and asked parents to collect their…
Employer Collection of COVID-19 Data and Employee Privacy
The following post is adapted from an article written by Fox Rothschild attorneys Wayne Pinksone and Lucy Li, available here.
OSHA recently published guidance for “nonessential businesses” that are intending to reopen and allow their employees to return to work. This guidance is intended to supplement the U.S. Department of Labor and U.S. Department…
FTC Offers Tips for Data Protection in Products Related to Fighting COVID-19
From Fox Rothschild’s Privacy Compliance & Data Security blog
The Federal Trade Commission (FTC) has offered tips for data protection during the COVID-19 crisis.
- Consider privacy and security as you’re developing your products and services, and not after launch. Although we will be flexible and reasonable when it comes to bringing enforcement actions against companies
…
Don’t Get Sprayed: CISA Alert Reminds Health Care Entities to Use Strong Passwords
A joint Alert from the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) warns of new cyber attacks targeting COVID-19-related information.
Notably, these attacks succeed when system users have weak or common passwords. NCSC published frequently found passwords here, many of which are…
New York Attorney General Warns Health Care Industry of COVID-19 Cyber Scams

The New York Attorney General has issued a warning to healthcare providers, hospitals, and other organizations within the health supply chain that cyber criminals are using targeted COVID-19 phishing emails and texts to gain access to sensitive information. Multiple reports indicate that scammers are sending emails and texts to get a recipient to click on…
OCR Warning: Phone Scammer Posing as Investigator to Obtain PHI

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning that it has received reports that someone has been impersonating an OCR inspector in an effort to access HIPAA Protected Health Information (PHI).
According to the agency: “The individual identifies themselves on the telephone as an OCR investigator, but…
Dos and Don’ts from OCR’s Guidance and FAQs on Telehealth and HIPAA
On March 20, 2020, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) published Guidance and a list of FAQs related to the provision of telehealth and HIPAA compliance.
“OCR will exercise enforcement discretion and will not impose penalties for noncompliance with the regulatory requirements under the HIPAA Rules against covered…
Medicare and OCR Relax Telehealth Rules Under Medicare and HIPAA
By Margaret J. Davino, Salvatore J. Russo and Nawa A. Lodin
In the Medicare Telemedicine Healthcare Provider Fact Sheet published March 17, 2020, the Centers for Medicare & Medicaid Services (CMS) broadened access to Medicare telehealth services to allow Medicare patients to receive more services from their doctors without travel to a health care…