PHI Data: What Counts, What Doesn't, and What to Protect
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient records to a marketing
HIPAA Security Rule risk analysis requirements, methodologies, and compliance strategies
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient records to a marketing
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done
In early 2024, OCR settled with a telehealth provider for $950,000 after an investigation revealed the organization had deployed a cloud-based therapy platform without
In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement even basic access controls
When HHS announced in late 2024 that the COVID-era telehealth enforcement discretion would not be extended indefinitely, many healthcare organizations realized they had been operating
When OCR investigated Premera Blue Cross in 2020, the resulting $6.85 million settlement exposed failures across every category of protection the HIPAA Security Rule
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole the protected health information of over
In February 2023, OCR announced a $1.3 million settlement with Banner Health after a breach affecting nearly 3 million individuals exposed catastrophic failures in
In February 2023, OCR announced a $1.3 million settlement with Banner Health after a hacking incident exposed the protected health information of nearly 3
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole electronic protected health information (ePHI) of
In February 2023, OCR settled with Banner Health for $1.25 million after a breach affected nearly 3 million patients — the result of insufficient access
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.