HIPAA Compliance Insights

Patient Privacy Rights

Patient Privacy Rights: What Covered Entities Owe

In September 2023, OCR settled with a health plan for $40,000 after the organization failed to provide a patient with timely access to their

Carl B. Johnson · Aug 31, 2020

Patient Protected Information

Patient Protected Information: What HIPAA Requires

In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that staff members were routinely sharing patient

Carl B. Johnson · Aug 31, 2020

HIPAA Penalties

Penalty for Violating HIPAA: What Your Organization Risks

In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures in risk

Carl B. Johnson · Aug 31, 2020

PHI

PHI and HIPAA Compliance: What Covered Entities Get Wrong

In 2023, OCR settled with a dental practice in New England for $350,000 after an investigation revealed that staff members had been sharing patient

Carl B. Johnson · Aug 31, 2020

PHI Identifiers

PHI Identifiers HIPAA: The 18 Data Elements You Must Protect

In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed that protected health information — including names, dates of

Carl B. Johnson · Aug 31, 2020

PHI Training

PHI Training: What Your Workforce Must Know in 2025

In February 2024, OCR settled with a dental practice for $70,000 after an employee disclosed a patient's treatment information on social media.

Carl B. Johnson · Aug 31, 2020

Privacy Law Healthcare

Privacy Law Healthcare: What Covered Entities Must Know

In February 2024, OCR settled with a Louisiana medical group for $480,000 after determining that the organization had failed to provide patients timely access

Carl B. Johnson · Aug 31, 2020

Protected Health Information

Protected Health Information Under HIPAA: What Counts

In February 2024, a dental practice in New England received a $50,000 penalty from the HHS Office for Civil Rights after an employee texted

Carl B. Johnson · Jun 24, 2020

HIPAA Updates

Recent HIPAA Updates: What Changed and What You Must Do

In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the HIPAA Security Rule since its

Carl B. Johnson · Jun 24, 2020

Risk Analysis

Risk Analysis HIPAA: The Requirement That Drives Most Fines

When OCR settled with Banner Health for $1.25 million in 2023, the core finding was painfully familiar: the organization had failed to conduct an

Carl B. Johnson · May 20, 2020

HIPAA Safeguards

Safeguards for HIPAA: What Your Organization Must Implement

In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had no encryption on portable devices, no

Carl B. Johnson · Mar 31, 2020

HIPAA Compliance Plan

Sample HIPAA Compliance Plan: Build Yours the Right Way

In 2023, OCR settled with a covered entity for $1.25 million — not because of a sophisticated cyberattack, but because the organization lacked a written,

Carl B. Johnson · Mar 14, 2020