What Is the Omnibus Rule? A Practical HIPAA Guide
In January 2013, the Department of Health and Human Services published a rule that fundamentally restructured HIPAA enforcement — and many healthcare organizations are still catching
A collection of 28 posts
In 2023, OCR settled with a behavioral health provider for $1.25 million after the organization disclosed substance abuse treatment records without patient authorization. The
In 2009, the Department of Health and Human Services reported that fewer than 10% of U.S. hospitals had adopted even a basic electronic health
In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health
In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access
In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health
In 2023, OCR settled with a solo dental practice in New England for $30,000—not because of a massive data breach, but because the
In February 2024, OCR announced a $4.75 million settlement with a health system that failed to manage its business associate relationships — a pattern enforcement
In 2024, OCR settled with a business associate — a medical transcription company — for $1.2 million after a breach investigation revealed that not a single
A physician texts a colleague a patient's lab results using a personal smartphone. A front-desk coordinator sends an appointment reminder via standard SMS
In 2024, OCR settled with a medical transcription company for $1.2 million after a breach investigation revealed the business associate had never conducted a
In 2023, OCR settled with a Florida-based healthcare provider for $25,000 after investigators discovered that multiple workforce members had never completed basic privacy and