OCR Enforcement Insights
Every HIPAA Penalty. Tracked and Analyzed.
The most comprehensive database of HHS OCR enforcement actions, settlements, and data breaches, sourced directly from official HHS records and updated continuously.
Enforcement actions tracked
194
Total penalties assessed
$119.0M
Individuals affected (breaches in hub)
11,016,155
Largest single penalty
$16.0M
Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history
Penalties by year
Aggregate OCR/HHS penalty dollars in the medcomply enforcement dataset.
Showing 25 of 194 enforcement actions
Filtered total: $118,964,203 in penalties
| Entity | State | Type | Penalty | Date | Violations | Details |
|---|---|---|---|---|---|---|
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation with Comstar, LLC | MA | Settlement | , | May 2025 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS Office for Civil Rights Settles HIPAA Cybersecurity Investigation with Vision Upright MRI | CT | Settlement | , | May 2025 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS Office for Civil Rights Imposes a $200,000 Penalty Against Oregon Health & Science University for Failure to Provide Timely Access to Patient Records | — | CMP | $200,000 | Mar 2025 | Navigate to: Press Room HHS Live Podcast… | View → |
HHS Office for Civil Rights Imposes a $1,500,000 Civil Money Penalty Against Warby Parker in HIPAA Cybersecurity Hacking Investigation | — | CMP | $1,500,000 | Feb 2025 | Navigate to: Press Room HHS Live Podcast… | View → |
HHS Office for Civil Rights Settles HIPAA Case Against Memorial Healthcare System Over Patient Access to Records | — | Settlement | , | Jan 2025 | View → | |
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $10,000 | — | Settlement | $10,000 | Jan 2025 | View → | |
HHS Office for Civil Rights Settles HIPAA Phishing Cybersecurity Investigation with Solara Medical Supplies, LLC for $3,000,000 | — | Settlement | $3,000,000 | Jan 2025 | View → | |
HHS Office for Civil Rights Settles HIPAA Security Rule Investigation with USR Holdings, LLC Concerning the Deletion of Electronic Protected Health Information | — | Settlement | , | Jan 2025 | View → | |
HHS Office for Civil Rights Settles with Health Care Clearinghouse, Inmediata Health Group, Over HIPAA Impermissible Disclosure | — | Settlement | , | Dec 2024 | View → | |
HHS Office for Civil Rights Imposes a $548,265 Penalty Against Children’s Hospital Colorado for HIPAA Privacy and Security Rules Violations | — | CMP | $548,265 | Dec 2024 | View → | |
HHS Office for Civil Rights Imposes a $1.19 Million Penalty Against Gulf Coast Pain Consultants for HIPAA Security Rule Violations | — | CMP | $1,190,000 | Dec 2024 | View → | |
HHS Office for Civil Rights Imposes a $100,000 Penalty Against Mental Health Center for Failure to Provide Timely Access to Patient Records | — | CMP | $100,000 | Nov 2024 | View → | |
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000 | — | Settlement | $90,000 | Oct 2024 | View → | |
HHS Office for Civil Rights Imposes a $70,000 Civil Monetary Penalty Against Gums Dental Care for Failure to Provide Timely Access to Patient Records | — | CMP | $70,000 | Oct 2024 | View → | |
HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation | — | CMP | $240,000 | Oct 2024 | View → | |
HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation under HIPAA Security Rule for $250,000 | — | Settlement | $250,000 | Sep 2024 | View → | |
HHS Office for Civil Rights Settles HIPAA Security Rule Failures for $950,000 | — | Settlement | $950,000 | Jul 2024 | View → | |
HHS OCR Imposes a CMP on NJ Nursing Facility for Failing to Provide Timely Access to Patient Records | MA | CMP | , | Apr 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS OCR Imposes a CMP on NJ Nursing Facility for Failing to Provide Timely Access to Patient Records | MA | CMP | , | Apr 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ OCR Settles HIPAA Investigation with Phoenix Healthcare | OK | Settlement | , | Mar 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS Finalizes New Provisions to Enhance Integrated Care and Confidentiality for Patients with Substance Use Conditions | — | Resolution agreement | , | Feb 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million | NY | Settlement | $4,750,000 | Feb 2024 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ Office for Civil Rights Settles HIPAA Investigation of St. Joseph’s Medical Center for Disclosure of Patients’ Protected Health Information to a News Reporter | TN | Settlement | , | Nov 2023 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ Office for Civil Rights Settles Optum Medical Care | NJ | Settlement | , | Nov 2023 | Navigate to: HIPAA for Professionals Reg… | View → |
HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation with Doctors’ Management Services | MA | Settlement | , | Oct 2023 | Navigate to: HIPAA for Professionals Reg… | View → |
Page 1 of 8
Download full dataset →