HIPAA Compliance Insights

Medical OSHA Compliance

Medical OSHA Compliance and HIPAA: What You Must Know

When a dental practice in the Southeast received citations from both OSHA and OCR within the same quarter, the owner told me something I hear

Carl B. Johnson · May 6, 2024

Medical Records Subpoena

Medical Records Subpoena: HIPAA Rules You Must Follow

Last year, a mid-size orthopedic practice in the Southeast received a medical records subpoena from an attorney involved in a personal injury lawsuit. The office

Carl B. Johnson · May 6, 2024

Medical Staff Training

Medical Staff Training: HIPAA Requirements You Can't Ignore

In February 2024, OCR settled with a healthcare system for $480,000 after an investigation revealed that multiple workforce members had accessed patient records without

Carl B. Johnson · May 6, 2024

Minimum Necessary Standard

Minimum Necessary HIPAA: The Rule You're Probably Violating

A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,

Carl B. Johnson · Apr 21, 2024

HIPAA Responsibility

My Responsibility Under HIPAA Includes: A Complete Guide

In 2023, OCR settled a case with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records

Carl B. Johnson · Apr 21, 2024

HIPAA Compliance

Negative Impact of Technology in Healthcare HIPAA Risks

In 2023, OCR reported that hacking and IT incidents accounted for 79% of all large healthcare data breaches — a staggering figure that would have been

Carl B. Johnson · Apr 21, 2024

Notice of Privacy Practices

Notice of Privacy Practices: What Most Organizations Get Wrong

In 2022, OCR settled with a dental practice in New England for $50,000 — not because of a data breach, but because the practice failed

Carl B. Johnson · Apr 21, 2024

Notice of Privacy Practices

Notice of Privacy Practices Definition: What HIPAA Requires

In 2022, OCR settled with a dental practice in North Carolina for $50,000 — not because of a data breach, but because the practice failed

Carl B. Johnson · Apr 21, 2024

Notice of Privacy Practices

Notice of Privacy Practices Meaning Explained for 2024

In 2022, OCR settled with a dental practice in Georgia for $62,500 — not because of a data breach, but because the practice failed to

Carl B. Johnson · Apr 21, 2024

HIPAA Compliance

Is Your Office Safe HIPAA Compliant? Key Requirements

In 2019, a small cardiology practice in New England received a complaint after a terminated employee reported that patient records were stored in an unlocked

Carl B. Johnson · Mar 7, 2024

Online HIPAA Training

Online HIPAA Training Programs: What Actually Works

In 2023, OCR settled with a Florida-based dental practice for $30,000 after an investigation revealed the organization had never implemented formal workforce training — despite

Carl B. Johnson · Mar 7, 2024

OSHA Compliance

OSHA Bloodborne Pathogens Standards Require Healthcare Pros To

In 2023, OSHA cited a Florida dental practice for over $78,000 in penalties — not for a data breach, but for failing to maintain an

Carl B. Johnson · Mar 7, 2024