Content about HIPAA Security Rule safeguards and workforce training.
In 2018, the University of Texas MD Anderson Cancer Center lost a $4.3 million appeal after OCR found that unencrypted laptops and thumb drives
A community hospital in Yakima, Washington lost an unencrypted laptop in 2013. That single device held the electronic protected health information of 524 patients. The
In 2024, OCR settled with a healthcare provider for $40,000 after an investigation revealed that multiple workforce members had never received HIPAA training — despite
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
In February 2024, OCR announced a $4.75 million settlement with a hospital system that failed to conduct an enterprise-wide risk analysis — a requirement that
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a single misconfigured server — one that the IT
When OCR investigated a midsize hospital system in 2023, investigators didn't just ask about the breach itself — they asked for six years of
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In December 2023, the HHS Office for Civil Rights published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, the enforcement action underscored a regulatory landscape that
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to implement even basic safeguards for protected health information.
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.