HIPAA BAA
What Is a HIPAA BAA and Why Your Organization Needs One
In 2023, OCR settled with a health system for $1.25 million after discovering that the organization had allowed a vendor to access protected health
Tag
HIPAA Privacy Rule
Content about HIPAA Privacy Rule requirements and training.
HIPAA Violation
What Is a Violation of HIPAA? Real Examples and Risks
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affected nearly 3 million patients — the result of insufficient access
HIPAA
What Is HIPAA and HITECH: A Compliance Guide
In February 2011, a major health system paid $4.3 million to settle with the Office for Civil Rights after stolen laptops exposed the electronic
HIPAA Authorization
What Is HIPAA Authorization at Kaiser: A Practical Guide
In 2024, Kaiser Permanente disclosed that a tracking technology breach potentially exposed the protected health information of 13.4 million individuals — one of the largest
Notice of Privacy Practices
What Is Notice of Privacy Practices Under HIPAA?
In 2022, a small dental practice in the Southeast received a corrective action letter from the Office for Civil Rights (OCR) after a patient complaint
Omnibus Rule
What Is the Omnibus Rule? A Practical HIPAA Guide
In January 2013, the Department of Health and Human Services published a rule that fundamentally restructured HIPAA enforcement — and many healthcare organizations are still catching
PHI
What Is PHI and What Is Not: A Practical Guide
In 2023, a dental practice in New England received a $50,000 OCR settlement after a workforce member posted a patient's before-and-after photos
Protected Health Information
What Is Protected Health Information? Examples Every CE Needs
In 2023, a dental practice in New England paid a $50,000 settlement to the Office for Civil Rights after a workforce member posted a
Sensitive Health Information
What Is Sensitive Health Information Under HIPAA?
In 2023, OCR settled with a behavioral health provider for $1.25 million after the organization disclosed substance abuse treatment records without patient authorization. The
HIPAA Compliance
What Is the HIPAA Compliance Framework? A Full Guide
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to conduct an enterprise-wide risk analysis — a core
HIPAA Privacy Rule
What Is the Privacy Rule Responsible for Protecting?
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without a
HIPAA Privacy Rule
When Can a Covered Entity Disclose PHI Legally?
In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party