What Does It Mean to Follow the Minimum Necessary Standard?
A scheduling coordinator at a mid-size orthopedic practice pulled a patient's full medical record — psychiatric notes, HIV status, substance abuse history — just to
A collection of 210 posts
Most People Spell It Wrong — And That's Just the Start
I once sat in a boardroom where a hospital CEO had "HIPPA
A psychiatrist's office in Connecticut faxed 65 pages of therapy notes to a patient's employer. The patient had signed a form
A hospital system in the Midwest recently terminated three employees after a post-training assessment revealed they could not correctly identify what constitutes protected health information
In 2023, a mid-size hospital system in the Southeast received a corrective action mandate from OCR after routinely using an outdated, overly broad release form
In 2023, OCR settled with a dental practice in New England for $50,000 after a patient filed a complaint that the practice had disclosed
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — a failure
In 2023, a dental practice in New England received a six-figure penalty from OCR after posting appointment reminders on a public-facing scheduling platform that exposed
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
In February 2024, OCR announced a $4.75 million settlement with a hospital system that failed to conduct an enterprise-wide risk analysis — a requirement that
When OCR issues a corrective action plan or levies a six-figure penalty, the enforcement letter doesn't reference some obscure regulation — it cites the
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a single misconfigured server — one that the IT