HIPAA Security Rule risk analysis requirements, methodologies, and compliance strategies
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a hospital employee sold protected health information (PHI) of over
In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to implement even basic safeguards for protected health information.
In 2023, a mid-sized clinic in the Southeast received a records request from OCR during a compliance review — and couldn't produce its risk
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over
In June 2023, OCR settled with a dental practice for $350,000 after an investigation revealed unencrypted patient records stored on a network server with
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had no documentation of its risk analysis, policies,
In February 2023, OCR settled with a health system for $1.25 million after investigators found a fundamental gap: the organization had never conducted a
In February 2024, OCR announced a $4.75 million settlement with a hospital system that had failed to conduct an enterprise-wide risk analysis for over
In January 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the enforcement action didn't hinge on a single failure. Investigators
In 2023, OCR settled with a Louisiana medical group for $480,000 after a HIPAA security incident involving a stolen unencrypted laptop — an incident the
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had no process for identifying or responding to
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.