Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
A medical office manager recently told me her team completed their annual OSHA training and assumed they were fully compliant with all federal requirements. Six
In September 2023, OCR settled with a health plan for $40,000 after the organization failed to provide a patient with timely access to their
In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that staff members were routinely sharing patient
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures in risk
In 2023, OCR settled with a dental practice in New England for $350,000 after an investigation revealed that staff members had been sharing patient
In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed that protected health information — including names, dates of
In February 2024, OCR settled with a dental practice for $70,000 after an employee disclosed a patient's treatment information on social media.
In February 2024, OCR settled with a Louisiana medical group for $480,000 after determining that the organization had failed to provide patients timely access
In February 2024, a dental practice in New England received a $50,000 penalty from the HHS Office for Civil Rights after an employee texted
In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the HIPAA Security Rule since its
When OCR settled with Banner Health for $1.25 million in 2023, the core finding was painfully familiar: the organization had failed to conduct an
In 2023, OCR settled with a covered entity for $1.25 million — not because of a sophisticated cyberattack, but because the organization lacked a written,
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.