A collection of 119 posts
In 2023, OCR settled with a business associate that failed to ensure its subcontractors had proper safeguards in place for protected health information. The penalty
In 2023, OCR settled with a business associate that failed to ensure its subcontractor had adequate safeguards for protected health information — resulting in a six-figure
In June 2023, OCR settled with a business associate — a medical records management company — for $75,000 after a breach exposed the protected health information
In 2024, OCR settled with a New England dermatology practice for $300,000 after an investigation revealed it had allowed a business associate to access
When OCR investigated a small dental practice in 2023 for an impermissible disclosure of protected health information, the first document they requested was proof of
In 2023, a small dental practice in North Carolina paid $50,000 to settle a complaint with the Office for Civil Rights after a former
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a former employee had accessed over 2,700
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed systemic failures across multiple
Why Employers Are Requiring Dual Certifications — and What Happens When You Don't Have Them In late 2023, a mid-size dental practice in Texas
When a Texas-based hospital system was fined by the state attorney general for failing to train its workforce on state-specific privacy requirements, the organization'
In February 2024, OCR announced a $4.75 million settlement with a health system that failed to manage its business associate relationships — a pattern enforcement
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to conduct an enterprise-wide risk analysis — a fundamental gap
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.