OCR Enforcement

HIPAA Laws

HIPAA Laws: What Every Healthcare Organization Must Know

In February 2023, OCR settled with a healthcare provider for $1.3 million after finding systemic failures to comply with basic HIPAA laws — failures that

Nov 15, 2024

HIPAA Rules

HIPPA Rules and Regulations: What You Actually Need to Know

In 2023, OCR settled with Doctors' Management Services for $100,000 after a ransomware attack exposed the protected health information of over 206,000

Nov 15, 2024

HITECH Act

HITECH Act Medical Records: What Your Organization Must Know

When Cignet Health of Maryland refused to provide 41 patients access to their medical records, the Office for Civil Rights (OCR) imposed a $4.3

Nov 13, 2024

HITECH Act

HITECH Act Summary: What Covered Entities Must Know

When OCR levied a $4.3 million settlement against MD Anderson Cancer Center in 2018 for unencrypted devices containing protected health information, the enforcement authority

Oct 29, 2024

Hospital Compliance Training

Hospital Compliance Training: What OCR Expects

In February 2024, OCR settled with a large health system for $480,000 after investigators found that the organization had failed to provide adequate HIPAA

Oct 29, 2024

Fraud Waste and Abuse

How Can You Prevent Fraud Waste and Abuse Under HIPAA

In 2023, the Department of Health and Human Services Office of Inspector General (OIG) reported over $3.6 billion in expected recoveries from healthcare fraud

Sep 7, 2024

HIPAA Patient Identifiers

How Many Patient Identifiers Are Required by HIPAA

A behavioral health clinic in Connecticut received a $125,000 penalty from OCR after disclosing a spreadsheet of patient data that staff believed was "

Jul 7, 2024

Patient Identifiers

Information That Contains One or More Patient Identifiers

Why a Single Patient Identifier Triggers Full HIPAA Protection In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation

Jun 18, 2024

Anti Kickback Statute

Intent of Anti Kickback Statute and HIPAA Compliance

In 2023, the Department of Justice recovered over $2.68 billion in healthcare fraud settlements and judgments — a significant portion tied to Anti-Kickback Statute (AKS)

Jun 18, 2024

HIPAA Email

Is Email PHI? What HIPAA Actually Requires for Email

In December 2023, OCR settled with a healthcare system for $480,000 after an investigation revealed workforce members had been emailing unencrypted patient information to

Jun 18, 2024

HIPAA Compliance

Is HIPAA Only for Medical Professionals? Not Even Close

In 2023, OCR settled a case with a dental management company — not a dentist, not a hospital, but an administrative services firm — for $350,000

Jun 18, 2024

HIPAA Violation

Is Telling a Story About a Patient a HIPAA Violation?

A nurse finishes a difficult shift and, over dinner with friends, recounts a dramatic case from the ER — the injuries, the treatment, the patient'

May 20, 2024