A collection of 182 posts
When a Texas-based hospital system was fined by the state attorney general for failing to train its workforce on state-specific privacy requirements, the organization'
In February 2024, OCR announced a $4.75 million settlement with a health system that failed to manage its business associate relationships — a pattern enforcement
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to conduct an enterprise-wide risk analysis — a fundamental gap
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that IT staff had failed to implement basic Security
In 2024, OCR settled with a medical transcription company for $1.2 million after a breach investigation revealed the business associate had never conducted a
In 2023, OCR settled with a solo dental practice in Indiana for $50,000 after a patient complaint revealed the office had no written policies,
In 2019, a Texas dental practice paid $10,000 to settle potential HIPAA violations after OCR investigated an impermissible disclosure of a patient's
In February 2024, OCR announced a $4.75 million settlement with a hospital system after a nurse accessed patient records without a treatment, payment, or
In 2022, a small dental practice in North Carolina agreed to a $50,000 settlement with the Office for Civil Rights (OCR) after a patient
In January 2024, OCR settled with a New England dermatology practice for $300,000 after a breach exposed the electronic protected health information of nearly
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found that a former employee's HIPAA login credentials remained
In 2023, OCR settled with a covered entity for $40,000 after a former employee accessed patient records without authorization — months after leaving the organization.
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.