Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In 2019, OCR launched its HIPAA Right of Access Initiative — and since then, it has settled more than 45 enforcement actions specifically targeting organizations that
In February 2023, OCR settled with a health system for $1.25 million after investigators found a fundamental gap: the organization had never conducted a
In February 2024, OCR announced a $4.75 million settlement with a hospital system that had failed to conduct an enterprise-wide risk analysis for over
In January 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the enforcement action didn't hinge on a single failure. Investigators
In 2023, OCR settled with a Louisiana medical group for $480,000 after a HIPAA security incident involving a stolen unencrypted laptop — an incident the
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had no process for identifying or responding to
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the root cause wasn't a single missing firewall or an
In December 2022, OCR settled with a dental practice for $23,000 after an employee responded to a negative online review by disclosing a patient&
In 2022, a Texas dental practice paid a $10,000 settlement after a staff member responded to a negative online review by disclosing the patient&
When OCR investigates a covered entity and discovers years of noncompliance, one of the most common — and least persuasive — defenses is confusion about when HIPAA
The Downstream Liability Most Business Associates Overlook In 2023, OCR settled with a medical transcription company for over $100,000 after a breach traced not
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.