Minimum Necessary Standard

What Does It Mean to Follow the Minimum Necessary Standard?

A scheduling coordinator at a mid-size orthopedic practice pulled a patient's full medical record — psychiatric notes, HIV status, substance abuse history — just to

Apr 1, 2026

HIPAA Medical Privacy

HIPAA Medical Privacy: What Covered Entities Get Wrong

In February 2024, OCR settled with a New England health system for $1.3 million after investigators found that staff had been accessing patient records

Sep 29, 2025

Minimum Necessary Standard

Minimum Necessary HIPAA: The Rule You're Probably Violating

A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,

Apr 21, 2024

Release of Information

Release of Information HIPAA Rules You Must Follow

In 2023, OCR settled with a New England dermatology practice for $300,640 after the organization failed to provide a patient timely access to their

Dec 15, 2023

Minimum Necessary Standard

The Minimum Necessary Rule Refers To: A Practical Guide

In 2022, OCR settled with a dental practice for $25,000 after an investigation revealed the organization had disclosed an entire patient medical record to

Sep 24, 2023

Minimum Necessary Standard

The Minimum Necessary Standard Means To Limit PHI Access

In 2023, OCR settled with a covered entity for over $100,000 after an investigation revealed that employees were routinely accessing patient records unrelated to

Sep 24, 2023

HIPAA Privacy Rule

The Privacy Rule HIPAA: What Your Organization Must Do

In February 2024, OCR settled with a New England dermatology practice for $300,640 after investigators found the organization had no policies implementing basic Privacy

Aug 30, 2023

HIPAA Payers

Under HIPAA Payers May Not Misuse PHI: Key Rules

In 2023, OCR settled with a major health plan for $1.3 million after an investigation revealed the plan had used enrollee protected health information

Jul 1, 2023

Minimum Necessary Standard

What Does It Mean to Follow the Minimum Necessary Standard

In 2022, a specialty clinic in the Midwest disclosed an entire patient record — surgical history, psychiatric notes, billing details — to an employer conducting a routine

May 24, 2023

HIPAA Privacy Rule

When Can a Covered Entity Disclose PHI Legally?

In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party

Jan 27, 2023

PHI Access

Who Can Have Access to a Patient's PHI Under HIPAA

In 2023, OCR settled with a medical practice for $50,000 after an unauthorized employee accessed patient records with no treatment, payment, or operational justification.

Dec 14, 2022

HIPAA Need to Know

HIPAA Need to Know: The Minimum Necessary Standard

In 2023, OCR settled with a health system for $1.3 million after an investigation revealed that employees across multiple departments had unrestricted access to

Jan 4, 2022

Minimum Necessary Standard

Ready to Simplify HIPAA Compliance?