HIPAA Compliance Insights

HIPAA Risks

HIPAA Risks Every Healthcare Organization Must Address

In February 2024, OCR announced a $4.75 million settlement with a hospital system that had failed to conduct an enterprise-wide risk analysis for over

Carl B. Johnson · May 3, 2025

HIPAA Rules and Compliance

HIPAA Rules and Compliance: What Enforcement Data Reveals

In January 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk

Carl B. Johnson · May 3, 2025

HIPAA Privacy Rule

HIPAA Rules Are Divided Into 2 Sections: Privacy and Security

When OCR settled with Premera Blue Cross for $6.85 million in 2020, the enforcement action didn't hinge on a single failure. Investigators

Carl B. Johnson · May 3, 2025

HIPAA Security Incident

HIPAA Security Incident: Response Steps Your Team Needs

In 2023, OCR settled with a Louisiana medical group for $480,000 after a HIPAA security incident involving a stolen unencrypted laptop — an incident the

Carl B. Johnson · May 3, 2025

HIPAA Security Rule

HIPAA Security Incident Definition: What Counts and Why

In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had no process for identifying or responding to

Carl B. Johnson · May 3, 2025

HIPAA Security Rule

HIPAA Security Safeguards Include These Three Categories

In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had failed to implement even basic technical

Carl B. Johnson · Feb 28, 2025

HIPAA Security Rule

HIPAA Security Safeguards Include All of the Following

When OCR settled with Premera Blue Cross for $6.85 million in 2020, the root cause wasn't a single missing firewall or an

Carl B. Johnson · Feb 28, 2025

HIPAA SMS

HIPAA SMS Rules: How to Text About PHI Legally

In 2023, a dental practice in Texas paid a $50,000 settlement after a staff member texted a patient's diagnosis and insurance details

Carl B. Johnson · Feb 28, 2025

HIPAA Social Media

HIPAA Social Media Guidance HHS: What You Must Know

In December 2022, OCR settled with a dental practice for $23,000 after an employee responded to a negative online review by disclosing a patient&

Carl B. Johnson · Feb 28, 2025

HIPAA Social Media Rules

HIPAA Social Media Rules: What Your Workforce Must Know

In 2022, a Texas dental practice paid a $10,000 settlement after a staff member responded to a negative online review by disclosing the patient&

Carl B. Johnson · Feb 28, 2025

HIPAA Start Date

HIPAA Start Date: Key Compliance Dates You Must Know

When OCR investigates a covered entity and discovers years of noncompliance, one of the most common — and least persuasive — defenses is confusion about when HIPAA

Carl B. Johnson · Feb 23, 2025

HIPAA Subcontractor Agreement

HIPAA Subcontractor Agreement: What Your BAA Must Cover

The Downstream Liability Most Business Associates Overlook In 2023, OCR settled with a medical transcription company for over $100,000 after a breach traced not

Carl B. Johnson · Feb 23, 2025