A collection of 228 posts
In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — a failure
In 2023, a dental practice in New England received a six-figure penalty from OCR after posting appointment reminders on a public-facing scheduling platform that exposed
In 2023 alone, OCR settled or imposed civil money penalties in cases totaling over $4 million — and the majority involved failures that any organization with
In February 2024, OCR announced a $4.75 million settlement with a hospital system that failed to conduct an enterprise-wide risk analysis — a requirement that
When OCR issues a corrective action plan or levies a six-figure penalty, the enforcement letter doesn't reference some obscure regulation — it cites the
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a single misconfigured server — one that the IT
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In 2019, OCR settled with a dental practice in Texas for $10,000 after an investigation revealed the office had no written HIPAA policies, no
In February 2024, OCR settled with a New England health system for $1.3 million after investigators found that staff had been accessing patient records
In February 2024, OCR settled with a healthcare provider for $480,000 after an investigation revealed that their online patient portal lacked basic encryption safeguards
In February 2024, OCR announced a $4.75 million settlement with a major healthcare system that failed to provide patients timely access to their medical
In 2023, OCR settled with a New England dermatology practice for $300,640 after an investigation revealed the organization had failed to properly safeguard patient
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.