A collection of 42 posts
In early 2023, a dental practice in Texas received an OCR complaint after a staff member texted appointment reminders containing diagnosis codes to patients who
In 2023, OCR settled with a Florida-based health system for $1.3 million after an investigation revealed that workforce members had been accessing patient records
In 2023, OCR settled a case with a dental management company — not a dentist, not a hospital, but an administrative services firm — for $350,000
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In 2019, a small cardiology practice in New England received a complaint after a terminated employee reported that patient records were stored in an unlocked
In 2023, a mid-sized hospital in the Southeast faced simultaneous investigations from OSHA and OCR after a needlestick incident exposed a nurse to bloodborne pathogens
In 2023, a mid-sized dermatology practice in Texas received citations from both OSHA and OCR within the same quarter — one for failing to train staff
In 2023, a mid-sized hospital system paid $1.3 million to settle with OCR after a researcher published a dataset they believed was "anonymized&
In 2023, a mid-sized hospital system in the Midwest paid $125,000 to settle an OCR investigation after it disclosed patient records based on an
If you've encountered the question "the enforcement rule applies to covered entities only — true or false" on a compliance quiz, you
In 2023, OCR settled with a covered entity for over $100,000 after an investigation revealed that employees were routinely accessing patient records unrelated to
In 2023, the Office for Civil Rights (OCR) settled or imposed penalties in cases totaling over $4 million — all stemming from organizations that failed to
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.