OCR Enforcement

HIPAA Paper Records

HIPAA Paper Records: Safeguards You Can't Ignore

In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an

Dec 31, 2021

HIPAA Paperwork

HIPAA Paperwork: What Your Organization Actually Needs

When OCR investigators arrive at a covered entity's door — whether triggered by a patient complaint or a reported breach — the first thing they

Dec 4, 2021

HIPAA Policy for Employees

HIPAA Policy for Employees: What Your Workforce Needs

In 2023, OCR settled with a covered entity for $40,000 after a former employee accessed patient records without authorization — months after leaving the organization.

Dec 4, 2021

HIPAA Policy

HIPAA Policy Sample: What Your Organization Actually Needs

When OCR investigated Anthem Inc. and imposed a record $16 million settlement in 2018, the enforcement action didn't just cite a data breach.

Dec 4, 2021

HIPAA Policy Templates

HIPAA Policy Templates Free: Why Free Isn't Compliant

In 2023, a small specialty clinic in the Southeast received a corrective action plan from OCR after a breach investigation revealed that their "policies

Dec 4, 2021

HIPAA Privacy Certification

HIPAA Privacy Certification: What Your Workforce Needs

In February 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed that workforce members had never completed documented

Dec 4, 2021

HIPAA Privacy Policies

HIPAA Privacy Policies: What Your Organization Must Include

In 2023, OCR settled with a dental practice in New England for $350,000 after investigators discovered the organization had no written policies governing the

Dec 4, 2021

HIPAA Professional

HIPAA Professional: What It Takes to Lead Compliance

In 2023, OCR settled with a Florida-based health system for $1.2 million after investigators found that the organization lacked a qualified individual overseeing its

Dec 4, 2021

HIPAA Protected Information

HIPAA Protected Information: What Counts and What Doesn't

In 2023, a dental practice in New England paid $50,000 to settle an OCR investigation after a workforce member posted a patient's

Dec 4, 2021

HIPAA Breach Notification

HIPAA Reporting a Breach: Timelines, Steps, and Pitfalls

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold protected health information (PHI)

Nov 23, 2021

HIPAA Requirements

What HIPAA Requires: Obligations Every Covered Entity Must Meet

In March 2024, OCR settled with a healthcare provider for $950,000 after an investigation revealed the organization had failed to conduct a risk analysis

Nov 23, 2021

HIPAA Right of Access

HIPAA Right of Access: What Your Organization Must Know

In 2019, the Office for Civil Rights (OCR) launched its HIPAA Right of Access Initiative — and since then, it has settled or imposed penalties in

Nov 16, 2021