HIPAA regulations, compliance requirements, and violation prevention
In 2019, the Office for Civil Rights (OCR) launched its HIPAA Right of Access Initiative — and since then, it has settled or imposed penalties in
In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that no member of its workforce had
In 2023, OCR settled with a small health plan in Louisiana for $55,000 after an investigation revealed the organization had never designated a security
When OCR investigated Anchorage Community Mental Health Services in 2014, the resulting $150,000 settlement wasn't triggered by a sophisticated cyberattack. It was
In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had never conducted a comprehensive risk analysis — a
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold the electronic protected health
In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that represents the most significant update to the HIPAA Security Rule since its original
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to encrypt protected health information
In 2023, OCR settled with a dental practice in New England for $50,000 — not because they lacked policies, but because the policies they had
In 2023, a regional health system paid $850,000 to settle an OCR investigation that traced a data breach back to a single unsecured text
In 2023, OCR settled with a Louisiana medical group for $480,000 after an investigation revealed — among other failures — that the organization had never implemented
In 2023, OCR settled with a Florida-based medical practice for $30,000 after an investigation revealed that multiple workforce members had never completed HIPAA training
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.