A collection of 26 posts
A few years ago, I got a call from the CEO of a mid-sized billing company. His team had been processing claims for a hospital
A Psychiatrist Hit "Start Meeting" and Everything Went Wrong A behavioral health provider in the Midwest was using Zoom for patient sessions throughout
The Downstream Liability Most Business Associates Overlook In 2023, OCR settled with a medical transcription company for over $100,000 after a breach traced not
In January 2025, HHS confirmed that the temporary telehealth enforcement discretion introduced during the COVID-19 public health emergency has ended. That means every healthcare organization
In 2024, OCR settled with a New England dermatology practice for $300,000 after discovering that protected health information had been disclosed to a vendor
In 2022, OCR settled with a health plan for $875,000 after an investigation revealed that protected health information stored in a cloud environment lacked
In early 2023, a small behavioral health practice in the Midwest contacted me after receiving a patient complaint. A clinician had been conducting therapy sessions
In 2016, OCR settled with North Memorial Health Care of Minnesota for $1.55 million after determining that a business associate had provided PHI access
In 2023, OCR settled with a health system for $1.25 million after discovering that the organization had allowed a vendor to access protected health
In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health
In 2023, OCR settled with a business associate that failed to ensure its subcontractors had proper safeguards in place for protected health information. The penalty
In 2023, OCR settled with a business associate that failed to ensure its subcontractor had adequate safeguards for protected health information — resulting in a six-figure
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.