A collection of 54 posts
In 2023, OCR settled with a healthcare analytics company for over $1.5 million after the organization shared datasets it believed were de-identified — but which
In 2023, OCR settled with a covered entity for $1.3 million after an investigation revealed the organization had misclassified certain data as non-PHI — and
During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely
In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
A physician texts a colleague a patient's lab results using a personal smartphone. A front-desk coordinator sends an appointment reminder via standard SMS
In 2023, a mid-sized health plan paid over $1.2 million in a settlement with the HHS Office for Civil Rights after failing to produce
In 2023, OCR settled with a health system for $1.3 million after an investigation revealed that employee spreadsheets containing patient names, dates of birth,
When OCR announced a $4.8 million settlement with New York-Presbyterian Hospital and Columbia University in 2014, it was one of the first major enforcement
In January 2024, OCR settled with a dental practice in New England for $50,000 after investigators discovered the organization had been using a HIPAA
In 2023, a dental practice in New England paid $50,000 to settle an OCR investigation after a workforce member posted a patient's
In 2023, OCR settled with a dental practice for $50,000 after investigators discovered the organization had failed to provide patients with an adequate notice
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.