A collection of 28 posts
A Question That Gets People Fired Last year, I consulted with a medical billing company whose CEO genuinely believed HIPAA didn't apply to
A $5.1 Million Mistake Started with One Wrong Assumption In 2017, Memorial Healthcare System paid $5.1 million to settle with the Office for
A community hospital in Yakima, Washington lost an unencrypted laptop in 2013. That single device held the electronic protected health information of 524 patients. The
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed that their online patient portal lacked basic encryption safeguards
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed systemic failures to comply with the HIPAA Privacy Rule
When OCR levied a $4.3 million settlement against MD Anderson Cancer Center in 2018 for unencrypted devices containing protected health information, the enforcement authority
In 2023, OCR settled a case with a dental management company — not a dentist, not a hospital, but an administrative services firm — for $350,000
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In February 2011, Cignet Health of Prince George's County, Maryland, received a $4.3 million civil money penalty from the Office for Civil
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
If you've encountered the question "the enforcement rule applies to covered entities only — true or false" on a compliance quiz, you
When Advocate Medical Group paid $5.55 million to settle HIPAA violations in 2016, the penalty wasn't calculated under the original 1996 HIPAA
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.