A collection of 31 posts
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
If you've encountered the question "the enforcement rule applies to covered entities only — true or false" on a compliance quiz, you
When Advocate Medical Group paid $5.55 million to settle HIPAA violations in 2016, the penalty wasn't calculated under the original 1996 HIPAA
In January 2013, the Department of Health and Human Services published a rule that fundamentally restructured HIPAA enforcement — and many healthcare organizations are still catching
In 2023, OCR settled with a behavioral health provider for $1.25 million after the organization disclosed substance abuse treatment records without patient authorization. The
In 2009, the Department of Health and Human Services reported that fewer than 10% of U.S. hospitals had adopted even a basic electronic health
In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health
In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access
In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health
In 2023, OCR settled with a solo dental practice in New England for $30,000—not because of a massive data breach, but because the
In February 2024, OCR announced a $4.75 million settlement with a health system that failed to manage its business associate relationships — a pattern enforcement
In 2024, OCR settled with a business associate — a medical transcription company — for $1.2 million after a breach investigation revealed that not a single
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.