OCR Enforcement Intelligence
Every HIPAA Penalty. Tracked and Analyzed.
The most comprehensive database of HHS OCR enforcement actions, settlements, and data breaches — sourced directly from official HHS records and updated continuously.
Enforcement actions tracked
186
Total penalties assessed
$119.0M
Individuals affected (breaches in hub)
8,765,412
Largest single penalty
$16.0M
Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history
Penalties by year
Aggregate OCR/HHS penalty dollars in the medcomply enforcement dataset.
Showing 25 of 186 enforcement actions
Filtered total: $118,964,203 in penalties
| Entity | State | Type | Penalty | Date | Violations | Details |
|---|---|---|---|---|---|---|
Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history | — | Settlement | $16,000,000 | Oct 2018 | Navigate to: HIPAA for Professionals Reg… | View → |
Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People | — | Resolution agreement | $6,850,000 | Sep 2020 | Navigate to: HIPAA for Professionals Reg… | View → |
Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million | — | Settlement | $5,550,000 | Aug 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
$5.5 million HIPAA settlement shines light on the importance of audit controls | — | Settlement | $5,500,000 | Feb 2017 | Navigate to: HIPAA for Professionals Reg… | View → |
Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People | — | Resolution agreement | $5,100,000 | Jan 2021 | Navigate to: HIPAA for Professionals Reg… | View → |
Data Breach Results in $4.8 Million HIPAA Settlements | — | Settlement | $4,800,000 | May 2014 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million | NY | Settlement | $4,750,000 | Feb 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations | MD | Resolution agreement | $4,300,000 | Jun 2018 | Navigate to: HIPAA for Professionals Reg… | View → |
Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement | — | Settlement | $3,900,000 | Mar 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement | — | Settlement | $3,500,000 | Nov 2015 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000 | — | Settlement | $3,000,000 | Jan 2025 | View → | |
Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement | — | Settlement | $3,000,000 | Nov 2019 | Navigate to: HIPAA for Professionals Reg… | View → |
Tennessee Diagnostic Medical Imaging Services Company Pays $3,000,000 to Settle Breach Exposing Over 300,000 Patients' Protected Health Information | — | Resolution agreement | $3,000,000 | May 2019 | Navigate to: HIPAA for Professionals Reg… | View → |
Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million | — | Settlement | $3,000,000 | Feb 2019 | Navigate to: HIPAA for Professionals Reg… | View → |
Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (UMMC) | — | Settlement | $2,750,000 | Jul 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University | — | Settlement | $2,700,000 | Jul 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
$2.5 million settlement shows that not understanding HIPAA requirements creates risk | — | Settlement | $2,500,000 | Apr 2017 | Navigate to: HIPAA for Professionals Reg… | View → |
HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual | — | Resolution agreement | $2,300,000 | Sep 2020 | Navigate to: HIPAA for Professionals Reg… | View → |
Unauthorized Filming for “NY Med” Results in $2.2 Million Settlement with New York Presbyterian Hospital | NY | Settlement | $2,200,000 | Apr 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
OCR Secures $2.175 Million HIPAA Settlement After Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information | — | Settlement | $2,175,000 | Nov 2019 | Navigate to: HIPAA for Professionals Reg… | View → |
OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations | — | CMP | $2,150,000 | Oct 2019 | Navigate to: HIPAA for Professionals Reg… | View → |
$2.14 million HIPAA settlement underscores importance of managing security risk | — | Settlement | $2,140,000 | Oct 2016 | Navigate to: HIPAA for Professionals Reg… | View → |
Concentra Settles HIPAA Case for $1,725,220 | — | Settlement | $1,725,220 | Apr 2014 | Navigate to: HIPAA for Professionals Reg… | View → |
WellPoint Settles HIPAA Security Case for $1,700,000 | — | Settlement | $1,700,000 | Jul 2013 | Navigate to: HIPAA for Professionals Reg… | View → |
Alaska DHSS Settles HIPAA Security Case for $1,700,000 | — | Settlement | $1,700,000 | Jun 2012 | Navigate to: HIPAA for Professionals Reg… | View → |
Page 1 of 8
Download full dataset →