HIPAA Compliance Insights

HIPAA Privacy Rule

Who Is Required to Comply with the HIPAA Privacy Rule

In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite

Carl B. Johnson · Dec 14, 2022

HIPAA History

Who Signed HIPAA Into Law and Why It Still Matters

When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to

Carl B. Johnson · Dec 14, 2022

PHI

Why Is PHI Important? The Stakes Behind Protecting It

In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any

Carl B. Johnson · Dec 14, 2022

HIPAA History

Why Was HIPAA Enacted? The Real Regulatory History

In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their

Carl B. Johnson · Dec 14, 2022

HIPAA Violations

Workplace HIPAA Violation: How It Happens and What to Do

In 2023, a hospital employee in New York accessed the medical records of a coworker out of curiosity — no treatment purpose, no payment reason, no

Carl B. Johnson · Dec 14, 2022

HIPAA Rules

5 Rules of HIPAA: What Every Covered Entity Must Know

In 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed failures across multiple HIPAA requirements

Carl B. Johnson · Dec 13, 2022

Administrative Simplification

Administrative Simplification HIPAA: What It Means

When OCR settled with Anthem Inc. for $16 million in 2018 — the largest HIPAA settlement in history at that time — the enforcement action didn'

Carl B. Johnson · Dec 13, 2022

American Health Training HIPAA

American Health Training HIPAA: What You Need to Know

In February 2024, OCR settled with a healthcare system for $480,000 after investigators found that workforce members had never completed HIPAA training — despite handling

Carl B. Johnson · Dec 13, 2022

HIPAA Certification

American Health Training HIPAA Certification Guide

In February 2023, OCR settled with a Florida-based medical practice for $30,000 after investigators found the organization had no evidence of workforce HIPAA training

Carl B. Johnson · Dec 13, 2022

HIPAA Authorization

Authorization for Release of Health Information Form

In 2023, OCR settled with a New England dermatology practice for $300,640 after the organization disclosed protected health information to a patient's

Carl B. Johnson · Dec 13, 2022

Business Associate Agreement

BAA HIPAA Compliance: The Agreement That Prevents Breaches

In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health

Carl B. Johnson · Dec 13, 2022

BBP Training

BBP Training Requirements Under HIPAA and OSHA

In 2023, OCR settled with a regional hospital system that had failed to conduct a thorough risk analysis — and during the investigation, auditors discovered the

Carl B. Johnson · Dec 13, 2022