HIPAA Compliance Insights

HIPAA Compliance

The Act That Prohibits the Practice of Kickbacks Is

In 2023, the Department of Justice recovered over $2.68 billion in settlements and judgments related to healthcare fraud — and a significant portion of those

Carl B. Johnson · Sep 24, 2023

Notice of Privacy Practices

The Blank Describes How PHI May Be Used Under HIPAA

If you've encountered the question "the blank describes how PHI may be used" in a HIPAA training module or certification exam,

Carl B. Johnson · Sep 24, 2023

HIPAA Enforcement Rule

Enforcement Rule: Applies to Covered Entities Only? True or False

If you've encountered the question "the enforcement rule applies to covered entities only — true or false" on a compliance quiz, you

Carl B. Johnson · Sep 24, 2023

OCR Enforcement

The HHS Office for Civil Rights Is Charged with Protecting PHI

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of 12,

Carl B. Johnson · Sep 24, 2023

HITECH Act

The HITECH Act Introduced Penalties for HIPAA Violations Based On Tiered Culpability

In 2018, the University of Texas MD Anderson Cancer Center lost a $4.3 million appeal after OCR determined that three data breaches involving unencrypted

Carl B. Johnson · Sep 24, 2023

HIPAA Compliance

The Importance of HIPAA: What Every Healthcare Org Must Know

In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed massive gaps in risk

Carl B. Johnson · Sep 24, 2023

Minimum Necessary Standard

The Minimum Necessary Rule Refers To: A Practical Guide

In 2022, OCR settled with a dental practice for $25,000 after an investigation revealed the organization had disclosed an entire patient medical record to

Carl B. Johnson · Sep 24, 2023

Minimum Necessary Standard

The Minimum Necessary Standard Means To Limit PHI Access

In 2023, OCR settled with a covered entity for over $100,000 after an investigation revealed that employees were routinely accessing patient records unrelated to

Carl B. Johnson · Sep 24, 2023

HIPAA Privacy Rule

The Privacy Rule HIPAA: What Your Organization Must Do

In February 2024, OCR settled with a New England dermatology practice for $300,640 after investigators found the organization had no policies implementing basic Privacy

Carl B. Johnson · Aug 30, 2023

HIPAA Security Rule

The Security Rule Requires Three Safeguards: What to Know

When OCR investigated Premera Blue Cross in 2020, the resulting $6.85 million settlement exposed failures across every category of protection the HIPAA Security Rule

Carl B. Johnson · Aug 30, 2023

HIPAA Rules

The Three Parts of HIPAA Are: What Every Organization Must Know

In 2023, OCR settled with a dental practice for $350,000 after investigators discovered the organization had no written security policies, no risk analysis, and

Carl B. Johnson · Aug 30, 2023

HIPAA Rules

Three HIPAA Rules Every Covered Entity Must Follow

In February 2023, OCR settled with a healthcare provider for $1.25 million after investigators found failures spanning all three HIPAA rules — inadequate safeguards for

Carl B. Johnson · Aug 30, 2023