Protected Health Information

Which Is Not Considered Protected Health Information

In 2023, OCR settled with a covered entity for $1.3 million after an investigation revealed the organization had misclassified certain data as non-PHI — and

Jan 9, 2023

Which Items Are Considered PHI Under HIPAA Rules

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and

Jan 9, 2023

PHI Access

Who Can Have Access to a Patient's PHI Under HIPAA

In 2023, OCR settled with a medical practice for $50,000 after an unauthorized employee accessed patient records with no treatment, payment, or operational justification.

Dec 14, 2022

PHI

Why Is PHI Important? The Stakes Behind Protecting It

In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any

Dec 14, 2022

HIPAA History

Why Was HIPAA Enacted? The Real Regulatory History

In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their

Dec 14, 2022

American Health Training HIPAA

American Health Training HIPAA: What You Need to Know

In February 2024, OCR settled with a healthcare system for $480,000 after investigators found that workforce members had never completed HIPAA training — despite handling

Dec 13, 2022

HIPAA Certification

American Health Training HIPAA Certification Guide

In February 2023, OCR settled with a Florida-based medical practice for $30,000 after investigators found the organization had no evidence of workforce HIPAA training

Dec 13, 2022

HIPAA Authorization

Authorization for Release of Health Information Form

In 2023, OCR settled with a New England dermatology practice for $300,640 after the organization disclosed protected health information to a patient's

Dec 13, 2022

HIPAA Training

Best Online HIPAA Training: What Actually Meets the Rules

In February 2024, OCR settled with a Florida-based healthcare provider for $160,000 after a breach investigation revealed that multiple workforce members had never received

Dec 13, 2022

HIPAA Release Form

Blank HIPAA Release Form: What You Must Include

In 2023, OCR settled with a covered entity for over $100,000 after the organization disclosed protected health information without a valid authorization — partly because

Dec 13, 2022

Business Associate Agreement

Business Associate HIPAA Agreement: What Must Be Included

In September 2023, OCR settled with a health system for $1.3 million after investigators found the organization had allowed a vendor to access protected

Oct 28, 2022

Business Associates

Business Associates Must Comply with the HIPAA Privacy Standards

In 2023, OCR settled with a business associate — a medical records management company — for $100,000 after an investigation revealed failures to safeguard protected health

Oct 25, 2022

Protected Health Information

Ready to Simplify HIPAA Compliance?