OCR Enforcement

HIPAA Breach Notification

HIPAA Reporting a Breach: Timelines, Steps, and Pitfalls

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold protected health information (PHI)

Nov 23, 2021

HIPAA Requirements

What HIPAA Requires: Obligations Every Covered Entity Must Meet

In March 2024, OCR settled with a healthcare provider for $950,000 after an investigation revealed the organization had failed to conduct a risk analysis

Nov 23, 2021

HIPAA Right of Access

HIPAA Right of Access: What Your Organization Must Know

In 2019, the Office for Civil Rights (OCR) launched its HIPAA Right of Access Initiative — and since then, it has settled or imposed penalties in

Nov 16, 2021

HIPAA Risk Assessment

HIPAA Risk Assessment Example: A Practical Walkthrough

In February 2023, OCR settled with a healthcare provider for $1.25 million after determining the organization had never conducted a comprehensive risk analysis — despite

Nov 16, 2021

HIPAA Training

HIPAA Rules and Compliance Training Video: What Works

In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that no member of its workforce had

Nov 16, 2021

HIPAA Security Officer Training

HIPAA Security Officer Training: What Your Role Demands

In 2023, OCR settled with a small health plan in Louisiana for $55,000 after an investigation revealed the organization had never designated a security

Nov 16, 2021

HIPAA Security Rule

HIPAA Security Policy Template: Build One That Works

When OCR investigated Anchorage Community Mental Health Services in 2014, the resulting $150,000 settlement wasn't triggered by a sophisticated cyberattack. It was

Nov 16, 2021

HIPAA Security Rule

HIPAA Standards for Security: What OCR Expects in 2024

In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had never conducted a comprehensive risk analysis — a

Sep 18, 2021

HIPAA Technical Security

HIPAA Technical Security: Safeguards Your Organization Must Implement

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold the electronic protected health

Sep 18, 2021

HIPAA Technology Rule

HIPAA Technology Rule: What Healthcare Orgs Must Know

In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that represents the most significant update to the HIPAA Security Rule since its original

Sep 18, 2021

HIPAA Technology Rules

HIPAA Technology Rules: What Your Organization Must Know

In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to encrypt protected health information

Sep 18, 2021

HIPAA Template

HIPAA Template: What Your Policies Actually Need

In 2023, OCR settled with a dental practice in New England for $50,000 — not because they lacked policies, but because the policies they had

Sep 18, 2021

Ready to Simplify HIPAA Compliance?