A collection of 12 posts
In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had failed to implement even basic technical
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the root cause wasn't a single missing firewall or an
In March 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed that the organization had been disposing of
In 2019, a small cardiology practice in New England received a complaint after a terminated employee reported that patient records were stored in an unlocked
When OCR investigated Premera Blue Cross in 2020, the resulting $6.85 million settlement exposed failures across every category of protection the HIPAA Security Rule
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole electronic protected health information (ePHI) of
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had failed to implement even basic safeguards for
Every year, OCR investigations reveal the same pattern: organizations that misidentify what HIPAA actually requires end up with the most damaging audit findings. One of
In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to implement even basic security measures after a
In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had no encryption on portable devices, no
In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to implement even basic security
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.