OCR Enforcement

HIPAA Security Rule

Security Safeguards HIPAA: What OCR Expects in 2024

In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to implement even basic security

Mar 14, 2020

HIPAA Compliance

Storage of Medical Records HIPAA Rules You Must Follow

In 2023, OCR settled with a New England dermatology practice for $300,640 after an unencrypted thumb drive containing the protected health information of over

Feb 27, 2020

Subcontractor BAA

Subcontractor BAA: What HIPAA Requires Down the Chain

In 2016, OCR settled with a business associate for $650,000 after a subcontractor experienced a breach affecting over 11,000 patients — and no business

Feb 27, 2020

HIPAA Privacy Rule

Summary of the HIPAA Privacy Rule: What You Must Know

In 2024, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had no policies implementing the Privacy

Feb 27, 2020

Sunshine Act

Sunshine Act and HIPAA: What Covered Entities Must Know

In 2023, CMS published over 12.9 billion dollars in physician payment data through the Open Payments database — the public-facing arm of the Sunshine Act.

Feb 27, 2020

Telemedicine

Telemedicine and HIPAA Compliance: What Providers Must Know

When OCR announced in late 2023 that the COVID-era telehealth enforcement discretion would not last forever, many healthcare organizations realized they had been operating telemedicine

Jan 26, 2020

Texting and HIPAA

Texting and HIPAA Compliance: What Your Organization Must Know

In 2023, a dermatology practice in Connecticut paid $150,000 to settle an OCR investigation that traced back, in part, to unsecured electronic communications — including

Jan 26, 2020

HIPAA Compliant Texting

Texting HIPAA Compliant: What Your Organization Must Know

In 2023, a dental practice in Texas paid a $50,000 settlement to OCR after a staff member texted appointment reminders containing diagnostic codes to

Jan 26, 2020

HIPAA Privacy Rule

What Are HIPAA Privacy Rules? A Practical Guide

In February 2024, OCR settled with a Louisiana medical group for $480,000 after the office failed to provide a patient timely access to her

Jan 21, 2020

Protected Health Information

What Info Is Protected by HIPAA: A Practical Guide

In 2023, OCR settled with a dental practice in New England for $23,000 after an investigation revealed the organization had disclosed patient appointment information

Jan 21, 2020

Business Associate Agreement

What Is a BAA for HIPAA? Your Complete Guide

In June 2023, OCR settled with a dental practice management company for $350,000 after discovering the organization had failed to execute proper agreements with

Jan 21, 2020

HIPAA Authorization

What Is a HIPAA Authorization Form and When It's Required

In 2023, a specialty medical practice in the Southeast received an OCR corrective action after routinely disclosing patient records to a life insurance company without

Jan 21, 2020