HIPAA Security Rule requirements and implementation
In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had no written policies addressing either patient privacy or
In 2024, OCR settled a HIPAA enforcement case with Montefiore Medical Center for $4.75 million after a workforce member stole protected health information on
In 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed critical failures across multiple HIPAA
In 2023, the Office for Civil Rights (OCR) settled or imposed penalties in cases totaling over $4 million — all stemming from organizations that failed to
In 2023 alone, the HHS Office for Civil Rights (OCR) settled or imposed penalties in dozens of enforcement actions totaling tens of millions of dollars
In February 2023, OCR settled with a dental practice in New England for $23,000 after a patient complaint revealed the organization had no written
In February 2023, OCR settled with Banner Health for $1.25 million after a phishing attack exposed the protected health information of nearly 3 million
In 2023, OCR settled with Banner Health for $1.25 million after a breach affecting nearly 3 million individuals exposed failures across multiple HIPAA requirements
A physician texts a colleague a patient's lab results using a personal smartphone. A front-desk coordinator sends an appointment reminder via standard SMS
In 2024, OCR settled with a medical transcription company for $1.2 million after a breach investigation revealed the business associate had never conducted a
In 2023, OCR settled with a solo dental practice in Indiana for $50,000 after a patient complaint revealed the office had no written policies,
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had never performed penetration testing or vulnerability scanning
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.