Minimum Necessary HIPAA: The Rule You're Probably Violating
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
Content about HIPAA Privacy Rule requirements and training.
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In 2023, OCR settled a case with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records
In 2022, OCR settled with a dental practice in New England for $50,000 — not because of a data breach, but because the practice failed
In 2022, OCR settled with a dental practice in North Carolina for $50,000 — not because of a data breach, but because the practice failed
In 2022, OCR settled with a dental practice in Georgia for $62,500 — not because of a data breach, but because the practice failed to
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had disclosed patient health information PHI to a
In 2023, a mid-sized hospital system paid $1.3 million to settle with OCR after a researcher published a dataset they believed was "anonymized&
In 2023, OCR settled with a health system that had been using an outdated authorization form for nearly four years — one that failed to include
In 2023, OCR settled with a dental practice in New England for $50,000 after it disclosed patient records to a third-party marketing firm without
In 2022, a dental practice in New England received a corrective action from OCR after an employee discussed a patient's treatment plan loudly
A compliance officer at a mid-size clinic recently told me her staff believed that PHI must be protected in all forms except verbal conversations — that
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.