OCR Enforcement

Business Associate

Business Associate HIPAA Compliance: What CEs Must Enforce

In June 2023, OCR settled with a business associate — a medical records management company — for $75,000 after a breach exposed the protected health information

Oct 25, 2022

Business Associate Agreement

Business Associates Agreement HIPAA: What You Must Include

In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access

Oct 25, 2022

Business Associates

Business Associates Must Comply with the HIPAA Privacy Standards

In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health

Oct 25, 2022

HIPAA Violation

Can I Sue for a HIPAA Violation? What You Need to Know

Every month, patients contact OCR after discovering a hospital shared their medical records without authorization, a business associate lost a laptop containing thousands of patient

Oct 25, 2022

HIPAA Training

CEDR HIPAA Training: What You Need to Know in 2024

When OCR investigated a small dental practice in 2023 for an impermissible disclosure of protected health information, the first document they requested was proof of

Oct 25, 2022

CMS HIPAA Training

CMS HIPAA Training: What Healthcare Organizations Must Know

In 2023, OCR settled with a covered entity for $1.3 million after investigators discovered that workforce members had never received adequate HIPAA training — despite

Oct 25, 2022

HIPAA Compliance

Communication Issues in Healthcare That Create HIPAA Risk

In 2023, a mid-sized hospital system paid $1.3 million to settle with OCR after a series of incidents that all traced back to the

Oct 25, 2022

HIPAA Compliant Email

Compliant Email: HIPAA Rules for Sending PHI Securely

In 2023, OCR settled with a healthcare provider for over $100,000 after an investigation revealed that staff routinely sent unencrypted emails containing protected health

Sep 3, 2022

HIPAA Complaints

How to Contact HIPAA: Filing Complaints and Getting Help

In 2023, the Office for Civil Rights (OCR) received over 32,000 complaints alleging HIPAA violations — and resolved the vast majority through investigation, corrective action,

Sep 3, 2022

Dental HIPAA Training

Dental OSHA and HIPAA Training: What Practices Must Know

In 2023, a small dental practice in North Carolina paid $50,000 to settle a complaint with the Office for Civil Rights after a former

Sep 3, 2022

EHR and HIPAA Compliance

EHR and HIPAA Compliance: What Your Organization Must Get Right

In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a former employee had accessed over 2,700

Sep 3, 2022

Elements of HIPAA

Elements of HIPAA: The Core Rules Every Organization Must Know

In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures across multiple

Sep 3, 2022