Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In February 2024, OCR announced a $4.75 million settlement with a health system that failed to manage its business associate relationships — a pattern enforcement
In 2024, OCR settled with a business associate — a medical transcription company — for $1.2 million after a breach investigation revealed that not a single
In February 2024, OCR settled with a Louisiana medical group for $480,000 after investigators found the organization had failed to implement even the most
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to conduct an enterprise-wide risk analysis — a fundamental gap
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that IT staff had failed to implement basic Security
A physician texts a colleague a patient's lab results using a personal smartphone. A front-desk coordinator sends an appointment reminder via standard SMS
In 2023, OCR settled with a solo dental practice in Indiana for $50,000 after a patient complaint revealed the office had no written policies,
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In February 2024, OCR settled with a New England dermatology practice for $300,000 after determining the organization had disclosed protected health information to a
In 2023, OCR settled with a covered entity for $40,000 after an investigation revealed the organization had disclosed protected health information without a valid
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had never performed penetration testing or vulnerability scanning
In 2023, OCR settled with a Florida-based healthcare provider for $25,000 after investigators discovered that multiple workforce members had never completed basic privacy and
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.