A collection of 119 posts
In 2023, a mid-sized hospital in the Southeast faced simultaneous investigations from OSHA and OCR after a needlestick incident exposed a nurse to bloodborne pathogens
When an OSHA inspector walks into your clinic requesting access to employee medical records, exposure logs, and workplace injury documentation, your compliance team faces a
In 2023, a dental practice in the Southeast received citations from both OSHA and OCR within the same six-month window. The OSHA inspection uncovered improperly
A compliance officer at a mid-size clinic recently told me her staff believed that PHI must be protected in all forms except verbal conversations — that
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done
In early 2024, OCR settled with a telehealth provider for $950,000 after an investigation revealed the organization had deployed a cloud-based therapy platform without
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
In 2016, OCR settled with North Memorial Health Care of Minnesota for $1.55 million after determining that a business associate had provided PHI access
When a major Texas health system paid $1.6 million in state penalties for unauthorized disclosures of protected health information, it wasn't a
When OCR investigated Premera Blue Cross in 2020, the resulting $6.85 million settlement exposed failures across every category of protection the HIPAA Security Rule
In 2023, OCR settled with a dental practice for $350,000 after investigators discovered the organization had no written security policies, no risk analysis, and
In February 2023, OCR settled with a healthcare provider for $1.25 million after investigators found failures spanning all three HIPAA rules — inadequate safeguards for
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.