medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule
resolution agreement

FAQs for ProfessionalsCorrective action / RA

Resolution

Penalty

Corrective action / RA

Action type

Resolution agreement

Entity profile

Case number

What went wrong

FAQs for Professionals

  • Navigate to: Authorizations (30) Business Associates (41) Compliance Dates (2) Covered Entities (14) Decedents (9) Disclosures for Law Enforcement Purposes (5) Disclosures for Rule Enforcement (1) Disclosures in Emergency Situations (2) Disclosures Required by Law (6) Disclosures to Family and Friends (28) Disposal of Protected Health Information (6) Facility Directories (7) Family Medical History

Full description

Navigate to: Authorizations (30) Business Associates (41) Compliance Dates (2) Covered Entities (14) Decedents (9) Disclosures for Law Enforcement Purposes (5) Disclosures for Rule Enforcement (1) Disclosures in Emergency Situations (2) Disclosures Required by Law (6) Disclosures to Family and Friends (28) Disposal of Protected Health Information (6) Facility Directories (7) Family Medical History Information (3) FERPA and HIPAA (10) Group Health Plans (3) Incidental Uses and Disclosures (10) Judicial and Administrative Proceedings (8) Minimum Necessary (14) Notice of Privacy Practice (20) Preemption of State Law (10) Privacy Rule: General Topics (12) Protected Health Information (2) Public Health Uses and Disclosures (13) Research Uses and Disclosures (20) Right to an Accounting of Disclosures (8) Right to File a Complaint (1) Right to Request a Restriction (4) Safeguards (13) Security Rule (24) Smaller Providers and Businesses (145) Student Immunizations (8) Transition Provisions (3) Treatment, Payment, and Health Care Operations Disclosures (31) Workers Compensation Disclosures (5) Limited Data Set (6) Marketing (17) Marketing - Refill Reminders (16) Personal Representatives and Minors (12) Right to Access and Research (58) Mental Health (34) Health Information Technology (39) Telehealth (11) HIPAA FAQs for Professionals Search frequently asked questions about HIPAA by category, number, or keyword. Please note that some older FAQs have been sent to archive. This content is searchable using the search term ‘HIPAA FAQs’ at https://archive-it.org/collections/4657. FAQs by Category Select a Category Authorizations Business Associates Compliance Dates Covered Entities Decedents Disclosures for Law Enforcement Purposes Disclosures for Rule Enforcement Disclosures in Emergency Situations Disclosures Required by Law Disclosures to Family and Friends Disposal of Protected Health Information Facility Directories Family Medical History Information FERPA and HIPAA Group Health Plans Incidental Uses and Disclosures Judicial and Administrative Proceedings Minimum Necessary Notice of Privacy Practice Preemption of State Law Privacy Rule: General Topics Protected Health Information Public Health Uses and Disclosures Research Uses and Disclosures Right to an Accounting of Disclosures Right to File a Complaint Right to Request a Restriction Safeguards Security Rule Smaller Providers and Businesses Student Immunizations Transition Provisions Treatment, Payment, and Health Care Operations Disclosures Workers Compensation Disclosures Limited Data Set Marketing Marketing - Refill Reminders Personal Representatives and Minors Right to Access and Research Mental Health Health Information Technology Telehealth Search HIPAA FAQs by questions or keywords: Search HIPAA FAQs by questions or keywords Search Content last reviewed October 12, 2017

Timeline

  • Resolution
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Document permitted uses and disclosures; obtain valid authorizations before marketing or public-facing communications that include PHI.
  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
  • Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.

Related actions

Security Rule NPRM

Summary of the Security Rule

Security Guidance

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use — not legal advice.