Content about HIPAA Privacy Rule requirements and training.
A scheduling coordinator at a mid-size orthopedic practice pulled a patient's full medical record — psychiatric notes, HIV status, substance abuse history — just to
A Question That Gets People Fired Last year, I consulted with a medical billing company whose CEO genuinely believed HIPAA didn't apply to
Most People Spell It Wrong — And That's Just the Start I once sat in a boardroom where a hospital CEO had "HIPPA
A hospital in Oklahoma City paid $1.19 million to HHS in 2023 because an employee snooped through patient records without authorization. The organization knew
A Single Fax Machine Cost This Hospital $4.8 Million In 2019, a fax at NewYork-Presbyterian Hospital sent a patient's PHI to the
In 2024, OCR settled with a healthcare provider for $40,000 after an investigation revealed that multiple workforce members had never received HIPAA training — despite
In 2023, OCR settled with a dental practice in New England for $50,000 after a patient filed a complaint that the practice had disclosed
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — a failure
In 2023, a dental practice in New England received a six-figure penalty from OCR after posting appointment reminders on a public-facing scheduling platform that exposed
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
When OCR issues a corrective action plan or levies a six-figure penalty, the enforcement letter doesn't reference some obscure regulation — it cites the
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.