Content about HIPAA Privacy Rule requirements and training.
In December 2023, the HHS Office for Civil Rights published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the
In 2022, OCR settled with a dental practice in New England for $30,000 after an investigation revealed — among other violations — that the practice had
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, the enforcement action underscored a regulatory landscape that
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
In February 2024, OCR announced a $4.75 million settlement with a major healthcare system that failed to provide patients timely access to their medical
In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had failed to properly safeguard patient
In 2023, OCR settled with a dental practice for $350,000 after an employee disclosed a patient's protected health information on social media.
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a hospital employee sold protected health information (PHI) of over
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to implement even basic safeguards for protected health information.
When Maryland enacted its strict genetic information privacy law and California expanded patient access rights beyond what federal rules require, many healthcare organizations asked the
In 2011, a small physician practice in the Midwest received a patient's written request for an accounting of disclosures. The office manager had
In 2019, OCR launched its HIPAA Right of Access Initiative — and since then, it has settled more than 45 enforcement actions specifically targeting organizations that
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.