HIPAA Privacy Rule requirements and guidance
In 2023, a dental practice in the Southeast received an OCR investigation after a patient complained that their protected health information was shared with a
In February 2024, OCR announced a $4.75 million settlement with a hospital system after a nurse accessed patient records without a treatment, payment, or
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole the protected health information of over
In 2023, a mid-sized health plan paid $1.3 million to settle with OCR after a breach investigation revealed that staff had been sharing spreadsheets
In 2023, OCR investigated a mid-sized hospital system that disclosed five years of patient records to a life insurance company based on an authorization form
In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had failed to conduct a risk analysis, neglected
In January 2024, OCR settled with a New England dermatology practice for $300,000 after a breach exposed the electronic protected health information of nearly
In February 2024, OCR settled with a New York medical practice for $100,000 after the organization failed to provide a timely written response to
In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an
When OCR investigators arrive at a covered entity's door — whether triggered by a patient complaint or a reported breach — the first thing they
In January 2024, OCR settled with a dental practice in New England for $50,000 after investigators discovered the organization had been using a HIPAA
When OCR investigated Anthem Inc. and imposed a record $16 million settlement in 2018, the enforcement action didn't just cite a data breach.
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.