What Is the HIPAA Compliance Framework? A Full Guide
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to conduct an enterprise-wide risk analysis — a core
HIPAA Security Rule risk analysis requirements, methodologies, and compliance strategies
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to conduct an enterprise-wide risk analysis — a core
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and
During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely
In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any
In 2023, OCR settled with a regional hospital system that had failed to conduct a thorough risk analysis — and during the investigation, auditors discovered the
In 2023, OCR settled with a business associate that failed to ensure its subcontractors had proper safeguards in place for protected health information. The penalty
In June 2023, OCR settled with a business associate — a medical records management company — for $75,000 after a breach exposed the protected health information
In 2023, OCR settled with a solo dental practice in New England for $30,000—not because of a massive data breach, but because the
In 2023, the Department of Justice recovered over $2.68 billion in settlements and judgments related to healthcare fraud. Behind nearly every one of those
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole protected health information (PHI) of over
A vendor tells your compliance officer their software is "HIPAA approved." A business associate sends over a marketing sheet stamped with a green
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.