Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
When a healthcare clinic in the Midwest received citations from both OSHA and OCR within the same quarter, leadership realized something that too many organizations
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had disclosed patient health information PHI to a
In 2023, a mid-sized hospital system paid $1.3 million to settle with OCR after a researcher published a dataset they believed was "anonymized&
In October 2023, OCR settled with a Louisiana medical group for $480,000 after a phishing attack exposed the protected health information of over 34,
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed catastrophic failures in risk
In 2023, OCR settled with a health system that had been using an outdated authorization form for nearly four years — one that failed to include
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — leaving the
In 2023, OCR settled with a dental practice in New England for $50,000 after it disclosed patient records to a third-party marketing firm without
In 2022, a dental practice in New England received a corrective action from OCR after an employee discussed a patient's treatment plan loudly
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had disclosed patient records to a third-party marketing
A compliance officer at a mid-size clinic recently told me her staff believed that PHI must be protected in all forms except verbal conversations — that
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient records to a marketing
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.