HIPAA regulations, compliance requirements, and violation prevention
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, it was one of the first major enforcement
In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an
When OCR investigators arrive at a covered entity's door — whether triggered by a patient complaint or a reported breach — the first thing they
In January 2024, OCR settled with a dental practice in New England for $50,000 after investigators discovered the organization had been using a HIPAA
In 2023, OCR settled with a covered entity for $40,000 after a former employee accessed patient records without authorization — months after leaving the organization.
When OCR investigated Anthem Inc. and imposed a record $16 million settlement in 2018, the enforcement action didn't just cite a data breach.
In 2023, a small specialty clinic in the Southeast received a corrective action plan from OCR after a breach investigation revealed that their "policies
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed that not a single member of their workforce could correctly
In 2023, OCR settled with a Florida-based health system for $1.2 million after investigators found that the organization lacked a qualified individual overseeing its
In 2023, a dental practice in New England paid $50,000 to settle an OCR investigation after a workforce member posted a patient's
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold protected health information (PHI)
In March 2024, OCR settled with a healthcare provider for $950,000 after an investigation revealed the organization had failed to conduct a risk analysis
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.