HIPAA Compliance Insights

HIPAA Practice Exam

HIPAA Practice Exam: Test Your Compliance Knowledge

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed that not a single member of their workforce could correctly

Carl B. Johnson · Dec 4, 2021

HIPAA Privacy Certification

HIPAA Privacy Certification: What Your Workforce Needs

In February 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed that workforce members had never completed documented

Carl B. Johnson · Dec 4, 2021

HIPAA Privacy Policies

HIPAA Privacy Policies: What Your Organization Must Include

In 2023, OCR settled with a dental practice in New England for $350,000 after investigators discovered the organization had no written policies governing the

Carl B. Johnson · Dec 4, 2021

HIPAA Professional

HIPAA Professional: What It Takes to Lead Compliance

In 2023, OCR settled with a Florida-based health system for $1.2 million after investigators found that the organization lacked a qualified individual overseeing its

Carl B. Johnson · Dec 4, 2021

HIPAA Protected Information

HIPAA Protected Information: What Counts and What Doesn't

In 2023, a dental practice in New England paid $50,000 to settle an OCR investigation after a workforce member posted a patient's

Carl B. Johnson · Dec 4, 2021

HIPAA Breach Notification

HIPAA Reporting a Breach: Timelines, Steps, and Pitfalls

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold protected health information (PHI)

Carl B. Johnson · Nov 23, 2021

HIPAA Requirements

What HIPAA Requires: Obligations Every Covered Entity Must Meet

In March 2024, OCR settled with a healthcare provider for $950,000 after an investigation revealed the organization had failed to conduct a risk analysis

Carl B. Johnson · Nov 23, 2021

HIPAA Right of Access

HIPAA Right of Access: What Your Organization Must Know

In 2019, the Office for Civil Rights (OCR) launched its HIPAA Right of Access Initiative — and since then, it has settled or imposed penalties in

Carl B. Johnson · Nov 16, 2021

HIPAA Risk Assessment

HIPAA Risk Assessment Example: A Practical Walkthrough

In February 2023, OCR settled with a healthcare provider for $1.25 million after determining the organization had never conducted a comprehensive risk analysis — despite

Carl B. Johnson · Nov 16, 2021

HIPAA Training

HIPAA Rules and Compliance Training Video: What Works

In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that no member of its workforce had

Carl B. Johnson · Nov 16, 2021

HIPAA Security Officer Training

HIPAA Security Officer Training: What Your Role Demands

In 2023, OCR settled with a small health plan in Louisiana for $55,000 after an investigation revealed the organization had never designated a security

Carl B. Johnson · Nov 16, 2021

HIPAA Security Rule

HIPAA Security Policy Template: Build One That Works

When OCR investigated Anchorage Community Mental Health Services in 2014, the resulting $150,000 settlement wasn't triggered by a sophisticated cyberattack. It was

Carl B. Johnson · Nov 16, 2021