Which Action Would Be Considered a Technical Safeguard
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
HIPAA regulations, compliance requirements, and violation prevention
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
In February 2023, the Office for Civil Rights settled with a dental practice in New England for $30,000 after the organization failed to provide
In 2023, OCR settled with a healthcare analytics company for over $1.5 million after the organization shared datasets it believed were de-identified — but which
In 2023, OCR settled with a covered entity for $1.3 million after an investigation revealed the organization had misclassified certain data as non-PHI — and
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and
During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely
Every year, OCR investigations reveal the same pattern: organizations that misidentify what HIPAA actually requires end up with the most damaging audit findings. One of
In 2023, OCR settled with a medical practice for $50,000 after an unauthorized employee accessed patient records with no treatment, payment, or operational justification.
In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite
When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.