News
Do I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business AssociatesYour 'Success Story' Program Just Cost This Rehab Facility $182,000: The Cadia Healthcare HIPAA Settlement · OCR EnforcementAn Accounting Firm Just Paid a HIPAA Fine: BST and Co. CPAs and What It Means for Professional Services Firms · OCR Enforcement15 Million Records, a $10,000 Fine, and a Company That No Longer Exists: The MMG Fusion Story · OCR EnforcementOCR Creates Religious Discrimination Units: What the Restructuring Means for HIPAA Enforcement · Rule UpdateOCR Director: The Cost of Doing Nothing Is Very High · Rule UpdateHIPAA Victims May Soon Receive a Share of OCR Fines: What the Proposed Compensation Program Means · Rule UpdateOCR Restructured: Three New Divisions and What It Means for HIPAA Enforcement · Rule UpdateRehab Center Pays $103,000 After Phishing Attack: OCR's 11th Risk Analysis Enforcement Action · OCR EnforcementConcentra Pays $112,500 After Patient Made Six Records Requests Over 13 Months · OCR EnforcementHIPAA Security Rule Final Rule: May Deadline Passes With No Announcement · Rule UpdateDo I Need a BAA With My Vendor? A Plain-English Guide to Which Vendors Require a Business Associate Agreement · Business AssociatesYour 'Success Story' Program Just Cost This Rehab Facility $182,000: The Cadia Healthcare HIPAA Settlement · OCR EnforcementAn Accounting Firm Just Paid a HIPAA Fine: BST and Co. CPAs and What It Means for Professional Services Firms · OCR Enforcement15 Million Records, a $10,000 Fine, and a Company That No Longer Exists: The MMG Fusion Story · OCR EnforcementOCR Creates Religious Discrimination Units: What the Restructuring Means for HIPAA Enforcement · Rule UpdateOCR Director: The Cost of Doing Nothing Is Very High · Rule UpdateHIPAA Victims May Soon Receive a Share of OCR Fines: What the Proposed Compensation Program Means · Rule UpdateOCR Restructured: Three New Divisions and What It Means for HIPAA Enforcement · Rule UpdateRehab Center Pays $103,000 After Phishing Attack: OCR's 11th Risk Analysis Enforcement Action · OCR EnforcementConcentra Pays $112,500 After Patient Made Six Records Requests Over 13 Months · OCR EnforcementHIPAA Security Rule Final Rule: May Deadline Passes With No Announcement · Rule Update
resolution agreement

HIPAA for Individuals: Corrective action / RA

Resolution ,

Penalty

Corrective action / RA

Action type

Resolution agreement

Entity profile

Case number

What went wrong

HIPAA for Individuals

  • Navigate to: HIPAA for Individuals HIPAA & Reproductive Health Mental Health & Substance Use Disorders Your Rights Under HIPAA Your Medical Records Employers and Health Information in the Workplace Personal Representatives Family Members and Friends Court Orders and Subpoenas Notice of Privacy Practices Right to Access HIV and HIPAA FAQs HIPAA for Individuals Learn your rights under HIPAA, how you

Full description

Navigate to: HIPAA for Individuals HIPAA & Reproductive Health Mental Health & Substance Use Disorders Your Rights Under HIPAA Your Medical Records Employers and Health Information in the Workplace Personal Representatives Family Members and Friends Court Orders and Subpoenas Notice of Privacy Practices Right to Access HIV and HIPAA FAQs HIPAA for Individuals Learn your rights under HIPAA, how your information may be used or shared, and how to file a complaint if you think your rights were violated. Your Rights Under HIPAA Learn more about your important rights under HIPAA and how your health information must be kept private and secure. HIPAA FAQs for Individuals Read frequently asked questions about HIPAA for individuals. Other Languages Español (Spanish), 繁體中文 (Chinese - Traditional), 简体中文 (Chinese – Simplified), Tiếng Việt (Vietnamese), 한국어 (Korean), Tagalog (Tagalog), Русский (Russian), العربية (Arabic), Français (French), Português (Portuguese), Kreyòl Ayisyen (French Creole), Polski (Polish), Italiano (Italian), Deutsch (German), 日本語 (Japanese), فارسی (Farsi) Content last reviewed June 17, 2017

Timeline

  • Resolution,
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Pair technical access controls with workforce training, sanctions, and proactive audit reviews for inappropriate access patterns.
  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
  • Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.

Related actions

Ending Anti-Semitism on College Campuses

,

Keeping Food Ingredients Safe

,

Press Releases

,

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use, not legal advice.