Which Items Are Considered PHI Under HIPAA Rules
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and
Content about HIPAA Privacy Rule requirements and training.
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and
In 2023, OCR settled with a medical practice for $50,000 after an unauthorized employee accessed patient records with no treatment, payment, or operational justification.
In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite
When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their
In 2023, a hospital employee in New York accessed the medical records of a coworker out of curiosity — no treatment purpose, no payment reason, no
When OCR settled with Anthem Inc. for $16 million in 2018 — the largest HIPAA settlement in history at that time — the enforcement action didn'
In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected
In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access
In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health
Every month, patients contact OCR after discovering a hospital shared their medical records without authorization, a business associate lost a laptop containing thousands of patient
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.