Workforce Training

PHI

PHI HIPAA Compliance: Protecting Health Data in 2024

In February 2024, OCR announced a $4.75 million settlement with a nonprofit health system that failed to conduct an enterprise-wide risk analysis — leaving the

Jan 15, 2024

PHI

PHI in Healthcare Meaning: What Counts as Protected Data

In 2023, OCR settled with a dental practice in New England for $50,000 after it disclosed patient records to a third-party marketing firm without

Jan 15, 2024

PHI

PHI in Written or Verbal Form: What HIPAA Requires

In 2022, a dental practice in New England received a corrective action from OCR after an employee discussed a patient's treatment plan loudly

Jan 15, 2024

PHI

PHI Is an Acronym For: What Healthcare Teams Must Know

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had disclosed patient records to a third-party marketing

Jan 15, 2024

PHI Protection

PHI Must Be Protected in All Forms Except: Myth vs. Rule

A compliance officer at a mid-size clinic recently told me her staff believed that PHI must be protected in all forms except verbal conversations — that

Jan 15, 2024

PHI Data

PHI Data: What Counts, What Doesn't, and What to Protect

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient records to a marketing

Jan 15, 2024

Privacy Rule

Privacy Rule Definition: What It Actually Requires

In February 2023, OCR settled with a dental practice for $195,000 after investigators found the organization had no written policies implementing the HIPAA Privacy

Jan 8, 2024

HIPAA Privacy Rule

Privacy vs Security Rule HIPAA: Key Differences Explained

In 2023, OCR settled with a dental practice for $350,000 after investigators found the organization had addressed its Privacy Rule obligations but had done

Jan 8, 2024

HIPAA Violation

How to Report a HIPAA Violation: A Step-by-Step Guide

In January 2024, a medical receptionist in Texas discovered her supervisor was accessing patient records for personal reasons — looking up neighbors, family members, even local

Dec 15, 2023

Cloud Security

Security Measures for PHI in Cloud-Based Therapy Apps

In early 2024, OCR settled with a telehealth provider for $950,000 after an investigation revealed the organization had deployed a cloud-based therapy platform without

Dec 15, 2023

HIPAA Compliance

Social Media Firms HIPAA Compliance Expertise Gap

In December 2022, OCR issued a bulletin explicitly warning healthcare organizations about the use of tracking technologies on websites and mobile apps — including pixels from

Dec 15, 2023

Telehealth Compliance

Telehealth Compliance: What HIPAA Requires in 2025

When HHS announced in late 2024 that the COVID-era telehealth enforcement discretion would not be extended indefinitely, many healthcare organizations realized they had been operating

Oct 11, 2023