A collection of 182 posts
In February 2024, OCR settled with a healthcare system for $480,000 after an investigation revealed that multiple workforce members had accessed patient records without
A mid-size hospital system in the Midwest allowed its entire billing department unrestricted access to complete patient medical records — including clinical notes, mental health histories,
In 2023, OCR settled a case with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records
In 2023, a mid-sized hospital in the Southeast faced simultaneous investigations from OSHA and OCR after a needlestick incident exposed a nurse to bloodborne pathogens
When an OSHA inspector walks into your clinic requesting access to employee medical records, exposure logs, and workplace injury documentation, your compliance team faces a
In 2023, a dental practice in the Southeast received citations from both OSHA and OCR within the same six-month window. The OSHA inspection uncovered improperly
A compliance officer at a mid-size clinic recently told me her staff believed that PHI must be protected in all forms except verbal conversations — that
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done
In early 2024, OCR settled with a telehealth provider for $950,000 after an investigation revealed the organization had deployed a cloud-based therapy platform without
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
In 2016, OCR settled with North Memorial Health Care of Minnesota for $1.55 million after determining that a business associate had provided PHI access
When a major Texas health system paid $1.6 million in state penalties for unauthorized disclosures of protected health information, it wasn't a
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.