HIPAA Rules: What Most Organizations Still Get Wrong
A Single Fax Machine Cost This Hospital $4.8 Million In 2019, a fax at NewYork-Presbyterian Hospital sent a patient's PHI to the
Content about HIPAA Privacy Rule requirements and training.
A Single Fax Machine Cost This Hospital $4.8 Million In 2019, a fax at NewYork-Presbyterian Hospital sent a patient's PHI to the
In 2024, OCR settled with a healthcare provider for $40,000 after an investigation revealed that multiple workforce members had never received HIPAA training — despite
In 2023, OCR settled with a dental practice in New England for $50,000 after a patient filed a complaint that the practice had disclosed
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — a failure
In 2023, a dental practice in New England received a six-figure penalty from OCR after posting appointment reminders on a public-facing scheduling platform that exposed
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
When OCR issues a corrective action plan or levies a six-figure penalty, the enforcement letter doesn't reference some obscure regulation — it cites the
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In December 2023, the HHS Office for Civil Rights published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the
In 2022, OCR settled with a dental practice in New England for $30,000 after an investigation revealed — among other violations — that the practice had
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, the enforcement action underscored a regulatory landscape that
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.