Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In 2023, OCR settled with a dental practice for $350,000 after an impermissible disclosure involving patient appointment data — information the practice didn't
In February 2023, OCR settled with Banner Health for $1.25 million after a phishing attack exposed the protected health information of nearly 3 million
In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party
In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party
In 2023, OCR received over 700 large breach reports from covered entities and business associates — each one triggering federal and state notification obligations, media attention,
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals — partly because the organization'
In 2023, OCR settled with Banner Health for $1.25 million after a breach affecting over 2.81 million individuals — a case that hinged on
Every week, at least one compliance officer or new hire sends me some version of the same question: where can I get HIPAA certification? The
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
In 2023, OCR settled with a healthcare analytics company for over $1.5 million after the organization shared datasets it believed were de-identified — but which
In 2023, OCR settled with a covered entity for $1.3 million after an investigation revealed the organization had misclassified certain data as non-PHI — and
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.