OCR Enforcement

HIPAA Risk Assessment

HIPAA Risk Assessment Example: A Practical Walkthrough

In February 2023, OCR settled with a healthcare provider for $1.25 million after determining the organization had never conducted a comprehensive risk analysis — despite

Nov 16, 2021

HIPAA Training

HIPAA Rules and Compliance Training Video: What Works

In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that no member of its workforce had

Nov 16, 2021

HIPAA Security Officer Training

HIPAA Security Officer Training: What Your Role Demands

In 2023, OCR settled with a small health plan in Louisiana for $55,000 after an investigation revealed the organization had never designated a security

Nov 16, 2021

HIPAA Security Rule

HIPAA Security Policy Template: Build One That Works

When OCR investigated Anchorage Community Mental Health Services in 2014, the resulting $150,000 settlement wasn't triggered by a sophisticated cyberattack. It was

Nov 16, 2021

HIPAA Security Rule

HIPAA Standards for Security: What OCR Expects in 2024

In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had never conducted a comprehensive risk analysis — a

Sep 18, 2021

HIPAA Technical Security

HIPAA Technical Security: Safeguards Your Organization Must Implement

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold the electronic protected health

Sep 18, 2021

HIPAA Technology Rule

HIPAA Technology Rule: What Healthcare Orgs Must Know

In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that represents the most significant update to the HIPAA Security Rule since its original

Sep 18, 2021

HIPAA Technology Rules

HIPAA Technology Rules: What Your Organization Must Know

In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to encrypt protected health information

Sep 18, 2021

HIPAA Template

HIPAA Template: What Your Policies Actually Need

In 2023, OCR settled with a dental practice in New England for $50,000 — not because they lacked policies, but because the policies they had

Sep 18, 2021

HIPAA Text Messages

HIPAA Text Messages: Rules for Texting PHI Securely

In 2023, a regional health system paid $850,000 to settle an OCR investigation that traced a data breach back to a single unsecured text

Aug 5, 2021

HIPAA Training

HIPAA Training Certification Online: What Actually Counts

In 2023, OCR settled with a dental practice in New England for $50,000 — not because of a sophisticated cyberattack, but because the organization couldn&

Aug 5, 2021

HIPAA Training

HIPAA Training Classes: What Your Workforce Actually Needs

In 2023, OCR settled with a Louisiana medical group for $480,000 after an investigation revealed — among other failures — that the organization had never implemented

May 29, 2021