Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
A pediatric nonprofit in Idaho lost $387,200 because one employee — one — opened a phishing email and exposed the ePHI of 10,000 patients. When
A receptionist at a small cardiology practice in Arizona looked up her ex-husband's medical records one afternoon. She didn't share them.
A Therapist's Worst Nightmare Starts with a Fax Machine A licensed counselor in a mid-sized practice hit "send" on a fax
A hospital in Texas faxed 277 patient records to the wrong physician's office. No authorization on file. No tracking log. No documentation that
It's HIPAA, Not HIPPA — and It's Older Than You Think I get this question more than almost any other: when was
A pediatric clinic in Colorado lost $548,265 because their front desk staff didn't know that faxing PHI to the wrong number triggered
A $4.75 Million Wake-Up Call That Should Have Changed Everything In February 2017, Memorial Healthcare System paid $5.5 million to the U.S.
A hospital employee in Texas pulls up a patient's full medical record to verify an insurance code. She only needs the diagnosis and
The Typo That Reveals a Bigger Problem Every month, thousands of people search for a "hippa course." I know because I watch the
Last month, a practice manager in Phoenix emailed me a certificate she'd earned from an online course. It had a gold seal, an
A $4.75 Million Wake-Up Call That Started With a Checkbox In 2023, Banner Health paid $1.25 million to settle with OCR after investigators
A surgeon's office in Texas faxed a patient's entire psychiatric history to a life insurance company. The patient hadn't
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.