HIPAA Security Rule requirements and implementation
In February 2024, OCR announced a $4.75 million settlement with a hospital system after a nurse accessed patient records without a treatment, payment, or
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a workforce member stole the protected health information of over
In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had failed to conduct a risk analysis, neglected
In January 2024, OCR settled with a New England dermatology practice for $300,000 after a breach exposed the electronic protected health information of nearly
When OCR investigators arrive at a covered entity's door — whether triggered by a patient complaint or a reported breach — the first thing they
When OCR investigated Anthem Inc. and imposed a record $16 million settlement in 2018, the enforcement action didn't just cite a data breach.
In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed that not a single member of their workforce could correctly
In 2023, OCR settled with a Florida-based health system for $1.2 million after investigators found that the organization lacked a qualified individual overseeing its
In March 2024, OCR settled with a healthcare provider for $950,000 after an investigation revealed the organization had failed to conduct a risk analysis
In February 2023, OCR settled with a healthcare provider for $1.25 million after determining the organization had never conducted a comprehensive risk analysis — despite
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold the electronic protected health
In 2023, OCR settled with a dental practice in New England for $50,000 — not because they lacked policies, but because the policies they had
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.