HIPAA Compliance Insights

HIPAA Basics

What Is the HIPAA? A Practical Compliance Guide

In February 2023, OCR settled with a dental practice in New England for $23,000 after a patient complaint revealed the organization had no written

Carl B. Johnson · Feb 18, 2023

HIPAA Compliance

What Is the HIPAA Compliance Framework? A Full Guide

In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to conduct an enterprise-wide risk analysis — a core

Carl B. Johnson · Jan 27, 2023

HIPAA Privacy Rule

What Is the Privacy Rule Responsible for Protecting?

In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without a

Carl B. Johnson · Jan 27, 2023

Anti-Kickback Statute

What Law Prohibits Offering Payment to Induce Referrals

In 2023, the Department of Justice recovered over $2.68 billion in judgments and settlements involving healthcare fraud — a significant portion tied to illegal referral

Carl B. Johnson · Jan 27, 2023

HIPAA Enforcement

What Office Enforces HIPAA and How They Hold You Accountable

In February 2023, the Office for Civil Rights (OCR) announced a $1.3 million settlement with a health plan that failed to provide timely access

Carl B. Johnson · Jan 27, 2023

HIPAA Security Rule

What Safeguards Does the HIPAA Security Rule Require?

In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had failed to implement even basic safeguards for

Carl B. Johnson · Jan 27, 2023

HITECH Act

What Was the Primary Goal of the HITECH Act?

In 2009, the Department of Health and Human Services reported that fewer than 10% of U.S. hospitals had adopted even a basic electronic health

Carl B. Johnson · Jan 27, 2023

PHI

What's Considered PHI Under HIPAA: A Practical Guide

In 2023, OCR settled with a dental practice for $350,000 after an impermissible disclosure involving patient appointment data — information the practice didn't

Carl B. Johnson · Jan 27, 2023

HIPAA Violation

What's a HIPAA Violation? Real Examples and Penalties

In February 2023, OCR settled with Banner Health for $1.25 million after a phishing attack exposed the protected health information of nearly 3 million

Carl B. Johnson · Jan 27, 2023

HIPAA Privacy Rule

When Can a Covered Entity Disclose PHI Legally?

In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party

Carl B. Johnson · Jan 27, 2023

HIPAA Privacy Rule

When Can You Use or Disclose PHI: A Compliance Guide

In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party

Carl B. Johnson · Jan 27, 2023

Breach Notification Rule

When Is a Breach Notification Not Required Under HIPAA

In 2023, OCR received over 700 large breach reports from covered entities and business associates — each one triggering federal and state notification obligations, media attention,

Carl B. Johnson · Jan 21, 2023