OCR Enforcement

HIPAA Updates

Recent HIPAA Updates: What Changed and What You Must Do

In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that would represent the most significant overhaul of the HIPAA Security Rule since its

Jun 24, 2020

Risk Analysis

Risk Analysis HIPAA: The Requirement That Drives Most Fines

When OCR settled with Banner Health for $1.25 million in 2023, the core finding was painfully familiar: the organization had failed to conduct an

May 20, 2020

HIPAA Compliance Plan

Sample HIPAA Compliance Plan: Build Yours the Right Way

In 2023, OCR settled with a covered entity for $1.25 million — not because of a sophisticated cyberattack, but because the organization lacked a written,

Mar 14, 2020

HIPAA Security Rule

Security Safeguards HIPAA: What OCR Expects in 2024

In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to implement even basic security

Mar 14, 2020

HIPAA Compliance

Storage of Medical Records HIPAA Rules You Must Follow

In 2023, OCR settled with a New England dermatology practice for $300,640 after an unencrypted thumb drive containing the protected health information of over

Feb 27, 2020

Subcontractor BAA

Subcontractor BAA: What HIPAA Requires Down the Chain

In 2016, OCR settled with a business associate for $650,000 after a subcontractor experienced a breach affecting over 11,000 patients — and no business

Feb 27, 2020

HIPAA Privacy Rule

Summary of the HIPAA Privacy Rule: What You Must Know

In 2024, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had no policies implementing the Privacy

Feb 27, 2020

Sunshine Act

Sunshine Act and HIPAA: What Covered Entities Must Know

In 2023, CMS published over 12.9 billion dollars in physician payment data through the Open Payments database — the public-facing arm of the Sunshine Act.

Feb 27, 2020

Telemedicine

Telemedicine and HIPAA Compliance: What Providers Must Know

When OCR announced in late 2023 that the COVID-era telehealth enforcement discretion would not last forever, many healthcare organizations realized they had been operating telemedicine

Jan 26, 2020

Texting and HIPAA

Texting and HIPAA Compliance: What Your Organization Must Know

In 2023, a dermatology practice in Connecticut paid $150,000 to settle an OCR investigation that traced back, in part, to unsecured electronic communications — including

Jan 26, 2020

HIPAA Compliant Texting

Texting HIPAA Compliant: What Your Organization Must Know

In 2023, a dental practice in Texas paid a $50,000 settlement to OCR after a staff member texted appointment reminders containing diagnostic codes to

Jan 26, 2020

HIPAA Privacy Rule

What Are HIPAA Privacy Rules? A Practical Guide

In February 2024, OCR settled with a Louisiana medical group for $480,000 after the office failed to provide a patient timely access to her

Jan 21, 2020