News

Read, Watch, Learn

Welcome to our Resource Center, your go-to source for information and resources related to healthcare compliance. Here, you'll find a wealth of information designed to help you navigate the complex world of HIPAA compliance with ease.

In the News Resources section, we provide information on the latest healthcare compliance news, including updates on HIPAA regulations, data breaches, and enforcement actions.

Healthcare Compliance & HIPAA News

In addition to our HIPAA Violations & Fines Map, the US Department of Health and Human Services publishes press releases on major violations.

Here are just a few recent examples of HIPAA Violations.


Banner Health Settles $1.25M with OCR over Cybersecurity Breach Impacting 2.81M Consumers

Updated - February 2, 2023

Banner Health has reached a settlement with the US Department of Health and Human Services' Office for Civil Rights (OCR) following a cybersecurity breach in 2016. The breach affected 2.81 million consumers, and a hacker accessed protected health information including patient names, dates of birth, addresses, and Social Security numbers. Banner Health has agreed to pay $1.25m and take corrective action to address violations of the HIPAA Security Rule...

HHS Civil Rights Office Settles with Dental Practice Over Disclosure of Patient Health Information in Response to Online Reviews

Updated - December 14, 2022

The US Department of Health and Human Services' Office for Civil Rights (OCR) has settled with a California-based dental practice, B. Brandon Au, DDS, Inc., over its disclosure of patient protected health information (PHI) in response to online reviews on social media, violating the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. The dental practice paid $23,000 to OCR and agreed to implement a corrective action plan to resolve the investigation. OCR Director, Melanie Fontes Rainer, warned that providers cannot disclose protected health information when responding to negative online reviews and emphasized the importance of appropriately safeguarding patients' PHI...

OCR Settlement with New England Dermatology Over Improper Disposal of PHI

Updated - August 23, 2022

The Office for Civil Rights (OCR) at the Department of Health and Human Services has settled with New England Dermatology P.C. over the improper disposal of protected health information. NEDLC paid $300,640 to OCR and agreed to implement a corrective action plan after empty specimen containers with patient information were placed in a garbage bin in the parking lot. OCR’s investigation found potential violations of the HIPAA Privacy Rule including the impermissible use and disclosure of PHI and failure to maintain appropriate safeguards to protect the privacy of PHI. In addition to the monetary settlement, NEDLC will undertake a corrective action plan, which includes two years of monitoring...

Oklahoma State University Settles HIPAA Breach for $875,000

Updated - July 14, 2022

The Oklahoma State University – Center for Health Sciences (OSU-CHS) has reached a settlement with the U.S. Department of Health and Human Services (HHS) over potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. The settlement involves the payment of $875,000 and the implementation of a corrective action plan. The settlement was reached after OSU-CHS reported that an unauthorized third party gained access to a web server that contained electronic protected health information (ePHI) of nearly 280,000 individuals. The investigation found several potential HIPAA Rule violations, including the failure to conduct an accurate and thorough risk analysis, the failure to implement audit controls, and the failure to provide timely breach notification to affected individuals and HHS...

HIPAA Enforcement Actions Hold Healthcare Providers Accountable for Compliance

Updated - March 28, 2022

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has announced the resolution of three investigations and one matter before an Administrative Law Judge related to compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Two of the cases are part of OCR’s HIPAA Right of Access Initiative, which supports individuals' right to timely access their health records under the HIPAA Privacy Rule. The other enforcement actions resulted from healthcare providers impermissibly disclosing their patients’ protected health information (PHI). OCR Director Lisa J. Pino emphasized the importance of compliance with HIPAA Rules, and announced that OCR will continue to protect individuals’ health information privacy and security through enforcement and pursue civil money penalties for violations that are not addressed. The enforcement actions include a settlement with Dr. Donald Brockley, D.D.M., a solo dental practitioner, and a $50,000 civil money penalty imposed on Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. (UPI), a dental practice in North Carolina, among others...

Children's Hospital Settles HIPAA Right of Access Investigation with $80,000

Updated - September 10, 2021

Children's Hospital & Medical Center in Omaha, Nebraska has agreed to pay $80,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services resolved its twentieth investigation in its HIPAA Right of Access Initiative, which aims to support individuals' right to timely access their health records at a reasonable cost. The parent of a minor child filed a complaint with OCR in May 2020, alleging that CHMC failed to provide her with timely access to her daughter's medical records. OCR found that CHMC's failure to provide timely access was a potential violation of the HIPAA right of access standard. In addition to the monetary settlement, CHMC will undertake a corrective action plan that includes one year of monitoring...

Peachstate Clinical Laboratory Settles Potential HIPAA Security Rule Violations for $25,000

Updated - May 25, 2021

Peachstate Health Management, LLC, which provides diagnostic and laboratory-developed tests, has agreed to pay $25,000 and implement a corrective action plan to resolve potential violations of the HIPAA Security Rule. The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) conducted a compliance review of Peachstate and found systemic noncompliance with the HIPAA Security Rule. The investigation revealed the failure to conduct an enterprise-wide risk analysis, implement risk management and audit controls, and maintain documentation of HIPAA Security Rule policies and procedures. In addition to the monetary settlement, Peachstate has agreed to a corrective action plan that includes three years of monitoring...

Plastic Surgery Center Settles HIPAA Violation for $30,000 in Eighteenth Right of Access Initiative Case

Updated - March 26, 2021

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services has settled its eighteenth enforcement action in the HIPAA Right of Access Initiative. Village Plastic Surgery, located in New Jersey, has agreed to pay $30,000 and take corrective actions to resolve a potential violation of the HIPAA Privacy Rule's right of access standard. The violation came to light after a patient's complaint that VPS failed to take timely action in response to their medical records access request. Following OCR's investigation, VPS provided the patient with their requested records. OCR has emphasized its commitment to enforcing individuals' rights to timely access to their health records at a reasonable cost under HIPAA, with appropriate remedial action against covered entities that fail to comply with their obligations...

Health Insurer to Pay $5.1 Million in Settlement for Massive Data Breach

Updated - January 15, 2021

Excellus Health Plan has reached a $5.1 million settlement with the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) over a data breach that affected more than 9.3 million people. The New York health services corporation disclosed in 2015 that cyber-attackers had unauthorized access to its information technology systems, compromising sensitive information such as Social Security numbers, health plan claims, and clinical treatment information. OCR's investigation found potential HIPAA violations related to risk analysis, risk management, information system activity review, and access controls...

Elite Primary Care Settles with OCR in HIPAA Right of Access Initiative for $36,000

Updated - December 22, 2020

The Office for Civil Rights (OCR) has settled another case as part of its HIPAA Right of Access Initiative. Peter Wrobel, M.D., P.C., doing business as Elite Primary Care, has agreed to pay $36,000 to settle a potential violation of the HIPAA Privacy Rule's right of access standard. The case was initiated in April 2019 after a patient complained that Elite had failed to respond to their request for access to medical records. The OCR provided technical assistance in May 2019, but another complaint was received in October 2019 alleging that access had still not been granted. OCR initiated an investigation and found that Elite's failure to provide the requested medical records was a potential violation of the HIPAA right of access standard. In addition to the settlement, Elite will undertake a corrective action plan that includes two years of monitoring...

HHS Press Release: "OCR Settles Twelfth Investigation in HIPAA Right of Access Initiative"

Updated - November 19, 2020

The University of Cincinnati Medical Center, LLC (UCMC), which is an academic medical center providing healthcare services to the Greater Cincinnati community, has agreed to take corrective actions and pay $65,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard...

HHS Press Release: "City Health Department failed to terminate former employee's access to protected health information"

Updated - October 30, 2020

The City of New Haven, Connecticut (New Haven) has agreed to pay $202,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules...

HHS Press Release: "Aetna Pays $1,000,000 to Settle Three HIPAA Breaches"

Updated - October 28, 2020

Aetna Life Insurance Company and affiliated covered entity (Aetna) has agreed to pay $1,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules…

HHS Press Release: "Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People"

Updated - September 25, 2020

Premera Blue Cross (PBC) has agreed to pay $6.85 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over 10.4 million people...

Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations

Updated - April 20, 2018

A U.S. Department of Health and Human Services Administrative Law Judge (ALJ) has ruled that The University of Texas MD Anderson Cancer Center (MD Anderson) violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and granted...

$2.5 million settlement shows that not understanding HIPAA requirements creates risk

Updated - April 24, 2017

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has...

No Business Associate Agreement? $31K Mistake

Updated - April 20, 2017

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care...

Overlooking risks leads to breach, $400,000 settlement

Updated - April 12, 2017

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the lack of a security management process to safeguard electronic protected health information (ePHI). Metro Community Provider Network (MCPN), a federally-qualified health center (FQHC) of Denver, Colorado has...

Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement

Updated - June 29, 2016

Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule after the theft of a CHCS mobile device compromised the protected health information...

And the list goes on...

You work too hard at your business to let compliance issues shut you down…
You worry about your business. Let us take care of compliance. To learn more about HIPAA Healthcare Compliance and how we can help, please call:
877-560-4261 or contact us at any time.