Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to conduct an enterprise-wide risk analysis — a fundamental gap
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that IT staff had failed to implement basic Security
A physician texts a colleague a patient's lab results using a personal smartphone. A front-desk coordinator sends an appointment reminder via standard SMS
In 2023, OCR settled with a solo dental practice in Indiana for $50,000 after a patient complaint revealed the office had no written policies,
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In February 2024, OCR settled with a New England dermatology practice for $300,000 after determining the organization had disclosed protected health information to a
In 2023, OCR settled with a covered entity for $40,000 after an investigation revealed the organization had disclosed protected health information without a valid
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had never performed penetration testing or vulnerability scanning
In 2023, OCR settled with a Florida-based healthcare provider for $25,000 after investigators discovered that multiple workforce members had never completed basic privacy and
In 2022, OCR settled with a health plan for $1.25 million after an investigation revealed that the organization had migrated protected health information to
In 2023, a dental practice in the Southeast received an OCR investigation after a patient complained that their protected health information was shared with a
In December 2022, OCR issued a bulletin that sent shockwaves through the healthcare industry. The agency confirmed that common website tracking technologies — pixels, session replay
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.