HIPAA Compliance Insights

HIPAA Compliance Testing

HIPAA Compliance Testing Services: What OCR Expects

In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had never performed penetration testing or vulnerability scanning

Carl B. Johnson · Feb 28, 2022

HIPAA Training

HIPAA Compliance Training Certificate: What It Means

In 2023, OCR settled with a Florida-based healthcare provider for $25,000 after investigators discovered that multiple workforce members had never completed basic privacy and

Carl B. Johnson · Feb 28, 2022

HIPAA Compliance

HIPAA Compliant Cloud Provider: What You Must Verify

In 2022, OCR settled with a health plan for $1.25 million after an investigation revealed that the organization had migrated protected health information to

Carl B. Johnson · Feb 28, 2022

HIPAA Consent Form

HIPAA Compliant Consent Form: What You Actually Need

In 2023, a dental practice in the Southeast received an OCR investigation after a patient complained that their protected health information was shared with a

Carl B. Johnson · Feb 19, 2022

HIPAA Compliant Tracking

HIPAA Compliant Tracking: What Covered Entities Must Know

In December 2022, OCR issued a bulletin that sent shockwaves through the healthcare industry. The agency confirmed that common website tracking technologies — pixels, session replay

Carl B. Johnson · Feb 19, 2022

HIPAA Data Retention

HIPAA Data Retention Policy: What You Must Keep and For How Long

In 2023, a mid-sized cardiology practice in Texas received an OCR investigation request following a patient complaint. The issue wasn't a data breach

Carl B. Johnson · Feb 19, 2022

HIPAA Dentist

HIPAA Dentist Requirements: A Compliance Guide

In 2019, a Texas dental practice paid $10,000 to settle potential HIPAA violations after OCR investigated an impermissible disclosure of a patient's

Carl B. Johnson · Feb 19, 2022

Doctor Patient Confidentiality

HIPAA Doctor Patient Confidentiality: What Providers Miss

In 2023, a small cardiology practice in New England agreed to a $130,000 settlement with the Office for Civil Rights after a physician discussed

Carl B. Johnson · Feb 19, 2022

HIPAA Email Retention

HIPAA Email Retention: What Your Organization Must Keep

In 2023, a mid-sized health plan paid over $1.2 million in a settlement with the HHS Office for Civil Rights after failing to produce

Carl B. Johnson · Feb 19, 2022

HIPAA for Dental

HIPAA for Dental Practices: Compliance Beyond the Chair

In 2022, a small dental practice in North Carolina paid $50,000 to settle potential HIPAA violations after OCR found the office had no risk

Carl B. Johnson · Feb 15, 2022

HIPAA for Dentists

HIPAA for Dentists: Compliance Rules Every Practice Needs

In 2022, OCR investigated a small dental practice in North Carolina that had failed to provide patients with a Notice of Privacy Practices for over

Carl B. Johnson · Jan 28, 2022

HIPAA for Healthcare Professionals

HIPAA for Healthcare Professionals: What OCR Expects

In February 2024, OCR announced a $4.75 million settlement with a hospital system after a nurse accessed patient records without a treatment, payment, or

Carl B. Johnson · Jan 28, 2022