Workforce Training

HIPAA Privacy Rule

When Can You Use or Disclose PHI: A Compliance Guide

In 2023, OCR settled with a dental practice for $350,000 after the organization disclosed a patient's protected health information to a third-party

Jan 27, 2023

HIPAA Certification

Where Can I Get HIPAA Certification? A Compliance Expert's Guide

Every week, at least one compliance officer or new hire sends me some version of the same question: where can I get HIPAA certification? The

Jan 9, 2023

Technical Safeguards

Which Action Would Be Considered a Technical Safeguard

In 2023, OCR settled with a health system for $1.3 million after investigators found the organization had failed to implement basic access controls on

Jan 9, 2023

Protected Health Information

Which Is Not Considered Protected Health Information

In 2023, OCR settled with a covered entity for $1.3 million after an investigation revealed the organization had misclassified certain data as non-PHI — and

Jan 9, 2023

Protected Health Information

Which Items Are Considered PHI Under HIPAA Rules

In 2023, OCR settled with a dental practice for $350,000 after an investigation revealed the organization had been disclosing patient names, treatment records, and

Jan 9, 2023

ePHI

Which of the Following Is an Example of ePHI?

During a 2023 OCR investigation, a mid-sized cardiology practice received a $1.5 million penalty — not because of a sophisticated cyberattack, but because staff routinely

Jan 9, 2023

PHI Access

Who Can Have Access to a Patient's PHI Under HIPAA

In 2023, OCR settled with a medical practice for $50,000 after an unauthorized employee accessed patient records with no treatment, payment, or operational justification.

Dec 14, 2022

HIPAA Privacy Rule

Who Is Required to Comply with the HIPAA Privacy Rule

In 2023, OCR settled with a dental practice in New England for $50,000 after finding it had no policies implementing the Privacy Rule — despite

Dec 14, 2022

PHI

Why Is PHI Important? The Stakes Behind Protecting It

In 2023, OCR settled with Yakima Valley Memorial Hospital for $240,000 after 23 security guards were found snooping through patient medical records without any

Dec 14, 2022

HIPAA History

Why Was HIPAA Enacted? The Real Regulatory History

In 1996, a patient could lose health insurance simply by changing jobs — and their most sensitive medical records could be shared between companies without their

Dec 14, 2022

HIPAA Violations

Workplace HIPAA Violation: How It Happens and What to Do

In 2023, a hospital employee in New York accessed the medical records of a coworker out of curiosity — no treatment purpose, no payment reason, no

Dec 14, 2022

American Health Training HIPAA

American Health Training HIPAA: What You Need to Know

In February 2024, OCR settled with a healthcare system for $480,000 after investigators found that workforce members had never completed HIPAA training — despite handling

Dec 13, 2022