What Are Business Associates Under HIPAA?
A cloud storage vendor loses a laptop containing 20,000 patient records. The hospital that hired them gets the breach notification letter. The vendor insists
A collection of 31 posts
A gym owner in Texas once told me, straight-faced, that his business was HIPAA exempt because he wasn't a doctor. He collected health
The Question That Catches Most Compliance Officers Off Guard
A hospital system I worked with had 14,000 employees. Their HIPAA training program covered about
A Question That Gets People Fired
Last year, I consulted with a medical billing company whose CEO genuinely believed HIPAA didn't apply to
A $5.1 Million Mistake Started with One Wrong Assumption
In 2017, Memorial Healthcare System paid $5.1 million to settle with the Office for
A community hospital in Yakima, Washington lost an unencrypted laptop in 2013. That single device held the electronic protected health information of 524 patients. The
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed that their online patient portal lacked basic encryption safeguards
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed systemic failures to comply with the HIPAA Privacy Rule
When OCR levied a $4.3 million settlement against MD Anderson Cancer Center in 2018 for unencrypted devices containing protected health information, the enforcement authority
In 2023, OCR settled a case with a dental management company — not a dentist, not a hospital, but an administrative services firm — for $350,000
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In February 2011, Cignet Health of Prince George's County, Maryland, received a $4.3 million civil money penalty from the Office for Civil