HIPAA Privacy Rule

Business Associate Agreement

Business Associate HIPAA Agreement: What Must Be Included

In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected

Oct 28, 2022

Business Associate Agreement

Business Associates Agreement HIPAA: What You Must Include

In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access

Oct 25, 2022

Business Associates

Business Associates Must Comply with the HIPAA Privacy Standards

In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health

Oct 25, 2022

HIPAA Violation

Can I Sue for a HIPAA Violation? What You Need to Know

Every month, patients contact OCR after discovering a hospital shared their medical records without authorization, a business associate lost a laptop containing thousands of patient

Oct 25, 2022

Elements of HIPAA

Elements of HIPAA: The Core Rules Every Organization Must Know

In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures across multiple

Sep 3, 2022

Elements of PHI

Elements of PHI: What Qualifies as Protected Health Information

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had disclosed patient names, treatment records, and Social

Sep 3, 2022

HIPAA Compliance

Essential Part of HIPAA Compliance Most Organizations Miss

In 2023, OCR settled with a solo dental practice in New England for $30,000—not because of a massive data breach, but because the

Jul 18, 2022

HIPAA Violations

Healthcare HIPAA Violations: What Triggers OCR Enforcement

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole protected health information (PHI) of over

Apr 28, 2022

HHS HIPAA Training

HHS HIPAA Training: What Your Organization Must Know

In February 2024, OCR settled with a Louisiana medical group for $480,000 after an investigation revealed — among other failures — that the organization had never

Apr 28, 2022

HIPAA Basic Rules

HIPAA Basic Rules Every Covered Entity Must Follow

In February 2024, OCR settled with a Louisiana medical group for $480,000 after investigators found the organization had failed to implement even the most

Apr 1, 2022

HIPAA Compliance Law

HIPAA Compliance Law: What Your Organization Must Know

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over

Feb 28, 2022

HIPAA Compliant Tracking

HIPAA Compliant Tracking: What Covered Entities Must Know

In December 2022, OCR issued a bulletin that sent shockwaves through the healthcare industry. The agency confirmed that common website tracking technologies — pixels, session replay

Feb 19, 2022