HIPAA Privacy Rule Compliance: What OCR Expects
In February 2024, OCR announced a $4.75 million settlement with a major healthcare system that failed to provide patients timely access to their medical
Content about HIPAA Privacy Rule requirements and training.
In February 2024, OCR announced a $4.75 million settlement with a major healthcare system that failed to provide patients timely access to their medical
In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had failed to properly safeguard patient
In 2023, OCR settled with a dental practice for $350,000 after an employee disclosed a patient's protected health information on social media.
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a hospital employee sold protected health information (PHI) of over
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to implement even basic safeguards for protected health information.
When Maryland enacted its strict genetic information privacy law and California expanded patient access rights beyond what federal rules require, many healthcare organizations asked the
In 2011, a small physician practice in the Midwest received a patient's written request for an accounting of disclosures. The office manager had
In 2019, OCR launched its HIPAA Right of Access Initiative — and since then, it has settled more than 45 enforcement actions specifically targeting organizations that
In January 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the enforcement action didn't hinge on a single failure. Investigators
In 2022, a Texas dental practice paid a $10,000 settlement after a staff member responded to a negative online review by disclosing the patient&
When OCR announced in late 2024 that the pandemic-era telehealth enforcement discretion would not be extended indefinitely, hundreds of healthcare organizations suddenly realized they had
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.