Content about HIPAA Security Rule safeguards and workforce training.
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to conduct an enterprise-wide risk analysis — a core
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had failed to implement even basic safeguards for
In 2023, OCR settled with a dental practice for $350,000 over Security Rule violations that had persisted since 2016 — failures the practice might have
In 2023, OCR settled with Banner Health for $1.25 million after a breach affecting over 2.81 million individuals — a case that hinged on
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely
Every year, OCR investigations reveal the same pattern: organizations that misidentify what HIPAA actually requires end up with the most damaging audit findings. One of
When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to
When OCR settled with Anthem Inc. for $16 million in 2018 — the largest HIPAA settlement in history at that time — the enforcement action didn'
In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health
In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected
In June 2023, OCR settled with a business associate — a medical records management company — for $75,000 after a breach exposed the protected health information
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.