HIPAA Online: How Digital Compliance Has Changed
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed that their online patient portal lacked basic encryption safeguards
A collection of 37 posts
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed that their online patient portal lacked basic encryption safeguards
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed systemic failures to comply with the HIPAA Privacy Rule
When OCR levied a $4.3 million settlement against MD Anderson Cancer Center in 2018 for unencrypted devices containing protected health information, the enforcement authority
In 2023, OCR settled a case with a dental management company — not a dentist, not a hospital, but an administrative services firm — for $350,000
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In February 2011, Cignet Health of Prince George's County, Maryland, received a $4.3 million civil money penalty from the Office for Civil
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
If you've encountered the question "the enforcement rule applies to covered entities only — true or false" on a compliance quiz, you
When Advocate Medical Group paid $5.55 million to settle HIPAA violations in 2016, the penalty wasn't calculated under the original 1996 HIPAA
In January 2013, the Department of Health and Human Services published a rule that fundamentally restructured HIPAA enforcement — and many healthcare organizations are still catching
In 2023, OCR settled with a behavioral health provider for $1.25 million after the organization disclosed substance abuse treatment records without patient authorization. The
In 2009, the Department of Health and Human Services reported that fewer than 10% of U.S. hospitals had adopted even a basic electronic health
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.