Healthcare regulatory compliance guidance, strategies, and industry insights
In 2018, the University of Texas MD Anderson Cancer Center lost a $4.3 million appeal after OCR found that the organization had policies on
A receptionist at a small orthopedic clinic in Arizona clicked "Reply All" to an email containing 836 patient records. The breach triggered an
A home health agency in Texas got hit with two separate federal investigations in the same quarter — one from OSHA for failing to maintain a
A receptionist at a dental clinic forwarded a spreadsheet of patient names, Social Security numbers, and insurance IDs to her personal Gmail account so she
A hospital in Texas paid $2.4 million to HHS after a nurse accessed patient records without authorization — and the investigation revealed the organization had
For $15,000, you could skip nursing school and buy a fake diploma. More than 7,600 people did—and many got licensed. Three years later, state boards are still finding them.
After consulting for over 2,500 healthcare organizations, they all had one major risk in common—no audit record or evidence of HIPAA training. Learn how to stay off OCR's radar.
In 2023, OCR settled with a dental practice in New England that had never conducted a risk analysis, never issued a Notice of Privacy Practices,
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — a failure
In December 2023, the HHS Office for Civil Rights published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the
In 2022, a Texas dental practice paid a $10,000 settlement after a staff member responded to a negative online review by disclosing the patient&
In early 2024, a small behavioral health clinic in the Midwest received a $50,000 OCR civil money penalty after a breach investigation revealed that
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.