Comstar, LLC HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) has entered into a resolution agreement with Comstar, LLC, a business associate under HIPAA. Comstar will pay $75,000 and comply with a corrective action plan to resolve alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a ransomware attack affecting 585,621 individuals.

HHS Settles HIPAA Breach Case with BST CPAs for $175,000

The U.S. Department of Health and Human Services (HHS) has settled a HIPAA breach case with BST & Co. CPAs, LLP for $175,000. The settlement resolves allegations that BST failed to conduct a risk analysis following a ransomware attack that impacted the protected health information of 170,000 individuals.

Deer Oaks HIPAA Resolution Agreement and Corrective Action Plan

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has entered into a Resolution Agreement and Corrective Action Plan with Deer Oaks, a covered entity under HIPAA. The agreement resolves allegations of impermissible disclosure of protected health information (PHI) and a subsequent data breach, requiring Deer Oaks to pay a resolution amount and implement corrective actions.

HHS - Syracuse ASC Pays $250,000 for HIPAA Violations

The U.S. Department of Health and Human Services (HHS) has reached a resolution agreement with Syracuse ASC, L.L.C. for violations of HIPAA Rules. Syracuse ASC will pay $250,000 and comply with a Corrective Action Plan to address failures in risk analysis and timely breach notifications.

MMG Fusion Settles HIPAA Violations for $10,000

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has reached a resolution agreement with MMG Fusion, LLC, a business associate handling protected health information (PHI). MMG Fusion will pay $10,000 to settle alleged violations of HIPAA's Privacy, Security, and Breach Notification Rules following a data breach that exposed patient information.

North Dakota Medicaid State Plan Amendment Approval

The Centers for Medicare & Medicaid Services (CMS) approved North Dakota's State Plan Amendment (SPA) 26-0008 on March 10, 2026. This amendment updates the designee responsible for State Plan submissions. The SPA was effective January 5, 2026.

Arizona Medicaid SPA AZ-25-0029 Updates Nursing Facility Rates

The Centers for Medicare & Medicaid Services (CMS) approved Arizona State Plan Amendment AZ-25-0029, updating fee-for-service payment rates for nursing facility services. These updated rates are effective January 1, 2026.

Minnesota Medicaid SPA 25-0036: MAT Services Recovery Peers

The Centers for Medicare & Medicaid Services (CMS) approved Minnesota's State Plan Amendment (SPA) 25-0036, effective October 1, 2025. This amendment removes the end date for Medication Assisted Treatment (MAT) services and adds recovery peers and treatment coordinators as qualified providers.

South Dakota Medicaid SUD/IMD Template and Provider List Updates

The Centers for Medicare & Medicaid Services (CMS) approved South Dakota's Medicaid State Plan Amendment (SPA) 25-0015. This amendment updates the Substance Use Disorders/Institutions for Mental Diseases template and revises the provider list for school-based direct services and administrative claiming.

Medicare Transmittals and Updates

The Centers for Medicare & Medicaid Services (CMS) has issued several transmittals and updates for Medicare in late December 2023. These documents provide guidance on coding, payment systems, and policy clarifications for healthcare providers. Key updates include changes to ICD-10, IVIG items, ACO REACH model APIs, and the ASC payment system.