Risk Analysis

HIPAA Privacy Rule

HIPAA Privacy and Security Rule: What Your Organization Must Know

In February 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk

Sep 13, 2025

HIPAA Privacy Rule

HIPAA Privacy Rule Compliance: What OCR Expects

In February 2024, OCR announced a $4.75 million settlement with a major healthcare system that failed to provide patients timely access to their medical

Jul 23, 2025

HIPAA Privacy Violations

HIPAA Privacy Violations: How They Happen and How to Prevent Them

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a hospital employee sold protected health information (PHI) of over

Jul 23, 2025

HIPAA Protection Rule

HIPAA Protection Rule: What Your Organization Must Do

In February 2024, OCR announced a $4.75 million settlement with a healthcare system that failed to implement even basic safeguards for protected health information.

Jul 9, 2025

HIPAA Records Retention

HIPAA Records Retention Policy: What You Must Keep

In 2023, a mid-sized clinic in the Southeast received a records request from OCR during a compliance review — and couldn't produce its risk

Jul 4, 2025

HIPAA Requirements

HIPAA Requirement Basics Every Covered Entity Must Know

In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole the protected health information of over

Jul 4, 2025

HIPAA Data Storage

HIPAA Requirements for Data Storage: A Practical Guide

In June 2023, OCR settled with a dental practice for $350,000 after an investigation revealed unencrypted patient records stored on a network server with

May 3, 2025

HIPAA Retention Policy

HIPAA Retention Policy: What You Must Keep and For How Long

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had no documentation of its risk analysis, policies,

May 3, 2025

HIPAA Risk Assessment

HIPAA Risk Assessment Requirement: What OCR Expects

In February 2023, OCR settled with a health system for $1.25 million after investigators found a fundamental gap: the organization had never conducted a

May 3, 2025

HIPAA Risks

HIPAA Risks Every Healthcare Organization Must Address

In February 2024, OCR announced a $4.75 million settlement with a hospital system that had failed to conduct an enterprise-wide risk analysis for over

May 3, 2025

HIPAA Rules and Compliance

HIPAA Rules and Compliance: What Enforcement Data Reveals

In January 2024, OCR settled with a healthcare system for $4.75 million after investigators found the organization had failed to conduct an enterprise-wide risk

May 3, 2025

HIPAA Privacy Rule

HIPAA Rules Are Divided Into 2 Sections: Privacy and Security

When OCR settled with Premera Blue Cross for $6.85 million in 2020, the enforcement action didn't hinge on a single failure. Investigators

May 3, 2025