Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In February 2023, OCR settled with a dental practice for $195,000 after investigators found the organization had no written policies implementing the HIPAA Privacy
In 2023, OCR settled with a health system for $40,000 after it failed to provide a patient timely access to her own medical records
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done
In February 2011, Cignet Health of Prince George's County, Maryland, received a $4.3 million civil money penalty from the Office for Civil
In 2023, a mid-sized hospital system in the Midwest paid $125,000 to settle an OCR investigation after it disclosed patient records based on an
In 2023, OCR settled with a New England dermatology practice for $300,640 after the organization failed to provide a patient timely access to their
In January 2024, a medical receptionist in Texas discovered her supervisor was accessing patient records for personal reasons — looking up neighbors, family members, even local
In 2023, OCR investigated a research institution that published a dataset it believed was fully de-identified — only to discover that zip codes and dates of
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
In 2016, OCR settled with North Memorial Health Care of Minnesota for $1.55 million after determining that a business associate had provided PHI access
A mid-size behavioral health practice in the Southeast received a subpoena demanding the complete treatment records of a current patient involved in a custody dispute.
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement even basic access controls
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.