Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
When OCR levies a multimillion-dollar penalty against a covered entity for failing to conduct a risk analysis, the enforcement action traces its authority back to
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their
In 2023, a hospital employee in New York accessed the medical records of a coworker out of curiosity — no treatment purpose, no payment reason, no
When OCR settled with Anthem Inc. for $16 million in 2018 — the largest HIPAA settlement in history at that time — the enforcement action didn'
In February 2024, OCR settled with a healthcare system for $480,000 after investigators found that workforce members had never completed HIPAA training — despite handling
In February 2023, OCR settled with a Florida-based medical practice for $30,000 after investigators found the organization had no evidence of workforce HIPAA training
In June 2023, OCR settled with a dental management company for $350,000 after discovering it had allowed a business associate to access protected health
In February 2024, OCR settled with a Florida-based healthcare provider for $160,000 after a breach investigation revealed that multiple workforce members had never received
In 2023, OCR settled with a covered entity for over $100,000 after the organization disclosed protected health information without a valid authorization — partly because
In 2023, OCR settled with a business associate that failed to ensure its subcontractor had adequate safeguards for protected health information — resulting in a six-figure
In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.