Office for Civil Rights HIPAA enforcement actions, investigations, and compliance strategies
In 2023, OCR settled with a Louisiana medical group for $480,000 after a HIPAA security incident involving a stolen unencrypted laptop — an incident the
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had no process for identifying or responding to
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the root cause wasn't a single missing firewall or an
In December 2022, OCR settled with a dental practice for $23,000 after an employee responded to a negative online review by disclosing a patient&
In 2022, a Texas dental practice paid a $10,000 settlement after a staff member responded to a negative online review by disclosing the patient&
When OCR investigates a covered entity and discovers years of noncompliance, one of the most common — and least persuasive — defenses is confusion about when HIPAA
The Downstream Liability Most Business Associates Overlook In 2023, OCR settled with a medical transcription company for over $100,000 after a breach traced not
In January 2025, HHS confirmed that the temporary telehealth enforcement discretion introduced during the COVID-19 public health emergency has ended. That means every healthcare organization
When OCR announced in late 2024 that the pandemic-era telehealth enforcement discretion would not be extended indefinitely, hundreds of healthcare organizations suddenly realized they had
In 2023, a small dental practice in Texas received a six-figure settlement demand from OCR after a patient complaint revealed staff were texting appointment details,
In early 2024, a small behavioral health clinic in the Midwest received a $50,000 OCR civil money penalty after a breach investigation revealed that
In 2023, a Florida-based healthcare provider paid $1.3 million to settle an OCR investigation that traced back to a single problem: untrained front-desk staff
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.