Healthcare Privacy News and Events

January 2026 OCR Cybersecurity Newsletter – System Hardening and Protecting ePHI

System hardening is the process of customizing electronic information systems (e.g., computer systems and other electronic devices) to reduce their attack surface, thus reducing the number of weaknesses and vulnerabilities that an attacker can exploit. This customization can take various forms, but typically includes a combination of patching known vulnerabilities, removing or disabling unneeded software and services, and enabling and configuring security measures.

Visit the article webpage to read more.

 

Office for Civil Rights Announces Civil Enforcement Program for Confidentiality of Substance Use Disorder Patient Records

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a new program to implement and enforce statutory and regulatory requirements that protect the confidentiality of substance use disorder (SUD) patient records. This program marks the first time civil enforcement mechanisms will be available to protect the confidentiality of SUD patient records by covered SUD programs.

“At President Trump’s direction, HHS is aggressively enforcing federal safeguards to protect substance use disorder patient records as part of the Great American Recovery Initiative,” said HHS Secretary Robert F. Kennedy, Jr. “Americans seeking treatment for substance use disorder deserve comprehensive care without sacrificing their privacy or legal protections.”

Visit the article webpage to read more.

HHS’ Office for Civil Rights Settles HIPAA Ransomware Investigation with Syracuse ASC

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Syracuse ASC, LLC doing business as Specialty Surgery Center of Central New York, for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security and Breach Notification Rules. Syracuse ASC is a single-facility, ambulatory surgery center located in Liverpool, New York that provides ophthalmic and ENT surgical services and pain management procedures to patients.

Visit the article webpage to learn more

 

HHS’ Office for Civil Rights Settles HIPAA Ransomware Security Rule Investigation with BST & Co. CPAs, LLP

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with BST & Co. CPAs, LLP (“BST”), a New York public accounting, business advisory, and management consulting firm, concerning a potential violation of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  BST is a HIPAA business associate and receives financial information that also contains protected health information (PHI) from a HIPAA covered entity.

Visit the article webpage to learn more