Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
A $4.3 Million Wake-Up Call That Started with Untrained Staff In 2023, the University of Washington Medicine agreed to a $750,000 settlement with
A hospital in Oklahoma City paid $1.19 million to HHS in 2023 because an employee snooped through patient records without authorization. The organization knew
A $4.75 Million Invoice Nobody Expected In 2022, a cancer care center in Indiana opened an envelope from HHS that changed everything. The Centers
Last year, a three-physician practice in Tennessee paid $1.19 million to settle HIPAA violations that started with a single stolen laptop. The Office for
A psychiatrist's office in Connecticut faxed 65 pages of therapy notes to a patient's employer. The patient had signed a form
A community hospital in Yakima, Washington lost an unencrypted laptop in 2013. That single device held the electronic protected health information of 524 patients. The
A Single Fax Machine Cost This Hospital $4.8 Million In 2019, a fax at NewYork-Presbyterian Hospital sent a patient's PHI to the
A $4.3 Million Wake-Up Call That Started With Bad Training In 2023, the University of Washington Medicine paid $750,000 to settle with OCR
After consulting for over 2,500 healthcare organizations, they all had one major risk in common—no audit record or evidence of HIPAA training. Learn how to stay off OCR's radar.
In 2023, OCR settled with a dental practice in New England that had never conducted a risk analysis, never issued a Notice of Privacy Practices,
In 2024, OCR settled with a healthcare provider for $40,000 after an investigation revealed that multiple workforce members had never received HIPAA training — despite
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting over 2.81 million individuals exposed systemic failures in
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.