Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
A radiology practice in Tennessee got hit with a $3 million penalty because they let a former employee keep access to a cloud server holding
In February 2023, Banner Health paid $1.25 million to settle allegations that it failed to conduct an enterprise-wide risk analysis — a core requirement of
Last year, a compliance officer at a mid-size hospital system in Texas told me she'd spent $14,000 on a vendor's
The Statement That Trips Up Even Experienced Compliance Officers Here's a question I've watched rooms full of healthcare professionals get wrong:
A hospital receptionist in Texas forwarded a patient's lab results to the wrong email address. It took fourteen seconds. The breach affected one
A receptionist at a pediatric clinic prints a patient's immunization record and accidentally leaves it on the front counter for forty-five minutes. A
A pediatric nonprofit in Idaho lost $387,200 because one employee — one — opened a phishing email and exposed the ePHI of 10,000 patients. When
A receptionist at a small cardiology practice in Arizona looked up her ex-husband's medical records one afternoon. She didn't share them.
A Therapist's Worst Nightmare Starts with a Fax Machine A licensed counselor in a mid-sized practice hit "send" on a fax
A hospital in Texas faxed 277 patient records to the wrong physician's office. No authorization on file. No tracking log. No documentation that
It's HIPAA, Not HIPPA — and It's Older Than You Think I get this question more than almost any other: when was
A pediatric clinic in Colorado lost $548,265 because their front desk staff didn't know that faxing PHI to the wrong number triggered
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.