Common HIPAA violations, enforcement cases, and how to avoid compliance failures
In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
In 2023, a hospital employee in New York accessed the medical records of a coworker out of curiosity — no treatment purpose, no payment reason, no
In 2023, a mid-sized hospital system paid $1.3 million to settle with OCR after a series of incidents that all traced back to the
In 2023, the Office for Civil Rights (OCR) received over 32,000 complaints alleging HIPAA violations — and resolved the vast majority through investigation, corrective action,
In 2023, OCR settled with a dental practice in New England for $50,000 after investigators found that the organization had no documented workforce training
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole protected health information (PHI) of over
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to conduct an enterprise-wide risk analysis — a fundamental gap
In February 2024, OCR settled with a New England dermatology practice for $300,000 after determining the organization had disclosed protected health information to a
In 2023, a mid-sized employer's HR department forwarded an employee's medical certification for FMLA leave to the employee's direct
In February 2023, Banner Health agreed to a $1.25 million settlement with the Office for Civil Rights after a 2016 breach exposed the protected
In 2019, the Office for Civil Rights (OCR) launched its HIPAA Right of Access Initiative — and since then, it has settled or imposed penalties in
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.