What Is ePHI? The Digital Data That Costs Millions
A Single Unencrypted Laptop Changed Everything
In 2017, a stolen laptop cost Lifespan Health System Affiliated Covered Entity (ACE) a $1,040,000 settlement with
Content about HIPAA Security Rule safeguards and workforce training.
A single missing risk assessment cost Premera Blue Cross $6.85 million in 2020. Not a breach of millions of records — though that happened too.
The One Document OCR Asks For First — Every Single Time
I've been involved in over a hundred HIPAA readiness reviews. And I can
Most People Only Know Two of the Five Parts of HIPAA
I was running a compliance workshop for a mid-size hospital system last year when
A hospital employee in South Carolina pulls up her ex-husband's medical record to see if he really went to that appointment he mentioned.
In 2018, the University of Texas MD Anderson Cancer Center lost a $4.3 million appeal after OCR found that unencrypted laptops and thumb drives
A community hospital in Yakima, Washington lost an unencrypted laptop in 2013. That single device held the electronic protected health information of 524 patients. The
In 2024, OCR settled with a healthcare provider for $40,000 after an investigation revealed that multiple workforce members had never received HIPAA training — despite
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
In February 2024, OCR announced a $4.75 million settlement with a hospital system that failed to conduct an enterprise-wide risk analysis — a requirement that
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a single misconfigured server — one that the IT
When OCR investigated a midsize hospital system in 2023, investigators didn't just ask about the breach itself — they asked for six years of