News
Do I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business AssociatesYour 'Success Story' Program Just Cost This Rehab Facility $182,000: The Cadia Healthcare HIPAA Settlement · OCR EnforcementAn Accounting Firm Just Paid a HIPAA Fine: BST and Co. CPAs and What It Means for Professional Services Firms · OCR Enforcement15 Million Records, a $10,000 Fine, and a Company That No Longer Exists: The MMG Fusion Story · OCR EnforcementOCR Creates Religious Discrimination Units: What the Restructuring Means for HIPAA Enforcement · Rule UpdateOCR Director: The Cost of Doing Nothing Is Very High · Rule UpdateHIPAA Victims May Soon Receive a Share of OCR Fines: What the Proposed Compensation Program Means · Rule UpdateOCR Restructured: Three New Divisions and What It Means for HIPAA Enforcement · Rule UpdateRehab Center Pays $103,000 After Phishing Attack: OCR's 11th Risk Analysis Enforcement Action · OCR EnforcementConcentra Pays $112,500 After Patient Made Six Records Requests Over 13 Months · OCR EnforcementHIPAA Security Rule Final Rule: May Deadline Passes With No Announcement · Rule UpdateDo I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business AssociatesYour 'Success Story' Program Just Cost This Rehab Facility $182,000: The Cadia Healthcare HIPAA Settlement · OCR EnforcementAn Accounting Firm Just Paid a HIPAA Fine: BST and Co. CPAs and What It Means for Professional Services Firms · OCR Enforcement15 Million Records, a $10,000 Fine, and a Company That No Longer Exists: The MMG Fusion Story · OCR EnforcementOCR Creates Religious Discrimination Units: What the Restructuring Means for HIPAA Enforcement · Rule UpdateOCR Director: The Cost of Doing Nothing Is Very High · Rule UpdateHIPAA Victims May Soon Receive a Share of OCR Fines: What the Proposed Compensation Program Means · Rule UpdateOCR Restructured: Three New Divisions and What It Means for HIPAA Enforcement · Rule UpdateRehab Center Pays $103,000 After Phishing Attack: OCR's 11th Risk Analysis Enforcement Action · OCR EnforcementConcentra Pays $112,500 After Patient Made Six Records Requests Over 13 Months · OCR EnforcementHIPAA Security Rule Final Rule: May Deadline Passes With No Announcement · Rule Update
resolution agreement

File a HIPAA Complaint: Corrective action / RA

Resolution ,

Penalty

Corrective action / RA

Action type

Resolution agreement

Entity profile

Case number

What went wrong

File a HIPAA Complaint

  • Navigate to: Filing a Complaint Complaint Process File a Complaint Online What to Expect File a Patient Safety Confidentiality Complaint Filing a Health Information Privacy Complaint You may file a complaint with the Office for Civil Rights (OCR) if you believe:A HIPAA covered entity or its business associate violated your (or someone else’s) health information privacy rights or committed another

Full description

Navigate to: Filing a Complaint Complaint Process File a Complaint Online What to Expect File a Patient Safety Confidentiality Complaint Filing a Health Information Privacy Complaint You may file a complaint with the Office for Civil Rights (OCR) if you believe:A HIPAA covered entity or its business associate violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules.A substance use disorder (SUD) treatment program violated your confidentiality rights under 42 CFR part 2 (called “Part 2”).OCR can investigate health information privacy complaints against covered entities (health plans, health care clearinghouses, or health care providers that conduct certain transactions electronically) and their business associates. OCR can also investigate complaints of Part 2 violations against a Part 2 program or its qualified service organization; a lawful holder of Part 2 records, such as a HIPAA covered entity or its business associate; or another person holding Part 2 records. Complaint Process Anyone can file a complaint if they believe there has been a violation of the HIPAA Rules or Part 2. Learn what you'll need to submit your complaint online or in writing. File a Complaint Online File your HIPAA or Part 2 complaint electronically via the OCR Complaint Portal. Filing a Patient Safety Confidentiality Complaint Read about the Patient Safety Confidentiality Act and Rule and how to file a complaint online or in writing. What to Expect Learn how OCR investigates your complaint and what happens after the investigation is complete. Content last reviewed February 13, 2026

Timeline

  • Resolution,
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
  • Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.

Related actions

Ending Anti-Semitism on College Campuses

,

Keeping Food Ingredients Safe

,

Press Releases

,

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use, not legal advice.