A collection of 14 posts
In 2023, OCR settled with a healthcare system for $1.3 million after an investigation revealed that a single misconfigured server — one that the IT
In 2023, OCR settled with a healthcare provider for $1.3 million after an investigation revealed the organization had failed to implement even basic technical
When OCR settled with Premera Blue Cross for $6.85 million in 2020, the root cause wasn't a single missing firewall or an
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement even basic access controls
When OCR investigated Premera Blue Cross in 2020, the resulting $6.85 million settlement exposed failures across every category of protection the HIPAA Security Rule
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee stole electronic protected health information (ePHI) of
In 2023, OCR settled with a healthcare system for $1.3 million after investigators found the organization had failed to implement even basic safeguards for
In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on
Every year, OCR investigations reveal the same pattern: organizations that misidentify what HIPAA actually requires end up with the most damaging audit findings. One of
In February 2024, OCR settled with a healthcare provider for $480,000 after investigators found the organization had never conducted a comprehensive risk analysis — a
In February 2024, OCR announced a $4.75 million settlement with Montefiore Medical Center after a former employee accessed and sold the electronic protected health
In February 2024, OCR announced a $480,000 settlement with a New England dermatology practice that failed to implement even basic security measures after a
Join healthcare organizations that trust HIPAA Certify for their workforce training and compliance tracking.