HIPAA Security Rule

ePHI

Which of the Following Is an Example of ePHI?

During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely

Jan 9, 2023

HIPAA Safeguards

Which of the Following Is Not a HIPAA Safeguard?

Every year, OCR investigations reveal the same pattern: organizations that misidentify what HIPAA actually requires end up with the most damaging audit findings. One of

Dec 14, 2022

HIPAA History

Who Signed HIPAA Into Law and Why It Still Matters

When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to

Dec 14, 2022

Administrative Simplification

Administrative Simplification HIPAA: What It Means

When OCR settled with Anthem Inc. for $16 million in 2018 — the largest HIPAA settlement in history at that time — the enforcement action didn'

Dec 13, 2022

Business Associate Agreement

BAA HIPAA Compliance: The Agreement That Prevents Breaches

In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health

Dec 13, 2022

Business Associate Agreement

Business Associate HIPAA Agreement: What Must Be Included

In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected

Oct 28, 2022

Business Associate

Business Associate HIPAA Compliance: What CEs Must Enforce

In June 2023, OCR settled with a business associate — a medical records management company — for $75,000 after a breach exposed the protected health information

Oct 25, 2022

Business Associate Agreement

Business Associates Agreement HIPAA: What You Must Include

In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access

Oct 25, 2022

CMS HIPAA Training

CMS HIPAA Training: What Healthcare Organizations Must Know

In 2023, OCR settled with a covered entity for $1.3 million after investigators discovered that workforce members had never received adequate HIPAA training — despite

Oct 25, 2022

HIPAA Compliant Email

Compliant Email: HIPAA Rules for Sending PHI Securely

In 2023, OCR settled with a healthcare provider for over $100,000 after an investigation revealed that staff routinely sent unencrypted emails containing protected health

Sep 3, 2022

EHR and HIPAA Compliance

EHR and HIPAA Compliance: What Your Organization Must Get Right

In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a former employee had accessed over 2,700

Sep 3, 2022

Elements of HIPAA

Elements of HIPAA: The Core Rules Every Organization Must Know

In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures across multiple

Sep 3, 2022