Protected Health Information Under HIPAA: What Counts
In February 2024, a dental practice in New England received a $50,000 penalty from the HHS Office for Civil Rights after an employee texted
HIPAA regulations, compliance requirements, and violation prevention
In February 2024, a dental practice in New England received a $50,000 penalty from the HHS Office for Civil Rights after an employee texted
In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the HIPAA Security Rule since its
When OCR settled with Banner Health for $1.25 million in 2023, the core finding was painfully familiar: the organization had failed to conduct an
In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had no encryption on portable devices, no
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to implement even basic security
In 2023, OCR settled with a New England dermatology practice for $300,640 after an unencrypted thumb drive containing the protected health information of over
In 2016, OCR settled with a business associate for $650,000 after a subcontractor experienced a breach affecting over 11,000 patients — and no business
In 2024, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had no policies implementing the Privacy
In 2023, CMS published over 12.9 billion dollars in physician payment data through the Open Payments database — the public-facing arm of the Sunshine Act.
When OCR announced in late 2023 that the COVID-era telehealth enforcement discretion would not last forever, many healthcare organizations realized they had been operating telemedicine
In 2023, a dermatology practice in Connecticut paid $150,000 to settle an OCR investigation that traced back, in part, to unsecured electronic communications — including
In 2023, a dental practice in Texas paid a $50,000 settlement to OCR after a staff member texted appointment reminders containing diagnostic codes to
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.