HIPAA Need to Know: The Minimum Necessary Standard
In 2023, OCR settled with a health system for $1.3 million after an investigation revealed that employees across multiple departments had unrestricted access to
Expert guidance on HIPAA training, compliance best practices, and healthcare workforce management.
In 2023, OCR settled with a health system for $1.3 million after an investigation revealed that employees across multiple departments had unrestricted access to
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, it was one of the first major enforcement
In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an
When OCR investigators arrive at a covered entity's door — whether triggered by a patient complaint or a reported breach — the first thing they
In January 2024, OCR settled with a dental practice in New England for $50,000 after investigators discovered the organization had been using a HIPAA
In 2023, OCR settled with a covered entity for $40,000 after a former employee accessed patient records without authorization — months after leaving the organization.
When OCR investigated Anthem Inc. and imposed a record $16 million settlement in 2018, the enforcement action didn't just cite a data breach.
In 2023, a small specialty clinic in the Southeast received a corrective action plan from OCR after a breach investigation revealed that their "policies
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed that not a single member of their workforce could correctly
In February 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed that workforce members had never completed documented
In 2023, OCR settled with a dental practice in New England for $350,000 after investigators discovered the organization had no written policies governing the
In 2023, OCR settled with a Florida-based health system for $1.2 million after investigators found that the organization lacked a qualified individual overseeing its
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.