medcomply.ai
Intel
The HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy RuleThe HIPAA Security Rule — A Complete Guide for 2026 · Security RuleUnderstanding the HIPAA Breach Notification Rule · Data BreachHIPAA breach notification overview · Data BreachHow to respond to a HIPAA breach · Data BreachHIPAA compliance checklist for covered entities · AnalysisOCR audit preparation checklist and evidence map · OCR EnforcementPatient rights under HIPAA: practical guide · Rule UpdateHIPAA staff training requirements and cadence · AnalysisHIPAA for SaaS and technology vendors · SaaS & TechnologyHIPAA Security Rule overview for compliance teams · Security RuleWhat is a Business Associate Agreement (BAA)? · BAAWhat counts as PHI under HIPAA? · Privacy Rule
resolution agreement

HIPAA for IndividualsCorrective action / RA

Resolution

Penalty

Corrective action / RA

Action type

Resolution agreement

Entity profile

Case number

What went wrong

HIPAA for Individuals

  • Navigate to: HIPAA for Individuals HIPAA & Reproductive Health Mental Health & Substance Use Disorders Your Rights Under HIPAA Your Medical Records Employers and Health Information in the Workplace Personal Representatives Family Members and Friends Court Orders and Subpoenas Notice of Privacy Practices Right to Access HIV and HIPAA FAQs HIPAA for Individuals Learn your rights under HIPAA, how you

Full description

Navigate to: HIPAA for Individuals HIPAA & Reproductive Health Mental Health & Substance Use Disorders Your Rights Under HIPAA Your Medical Records Employers and Health Information in the Workplace Personal Representatives Family Members and Friends Court Orders and Subpoenas Notice of Privacy Practices Right to Access HIV and HIPAA FAQs HIPAA for Individuals Learn your rights under HIPAA, how your information may be used or shared, and how to file a complaint if you think your rights were violated. Your Rights Under HIPAA Learn more about your important rights under HIPAA and how your health information must be kept private and secure. HIPAA FAQs for Individuals Read frequently asked questions about HIPAA for individuals. Other Languages Español (Spanish), 繁體中文 (Chinese - Traditional), 简体中文 (Chinese – Simplified), Tiếng Việt (Vietnamese), 한국어 (Korean), Tagalog (Tagalog), Русский (Russian), العربية (Arabic), Français (French), Português (Portuguese), Kreyòl Ayisyen (French Creole), Polski (Polish), Italiano (Italian), Deutsch (German), 日本語 (Japanese), فارسی (Farsi) Content last reviewed June 17, 2017

Timeline

  • Resolution
  • Incident and investigation milestones are not consistently published by OCR in machine-readable form.

Key takeaways for your organization

  • Pair technical access controls with workforce training, sanctions, and proactive audit reviews for inappropriate access patterns.
  • Align policies, procedures, and evidence with the specific CFR provisions cited in OCR resolutions affecting your entity type.
  • Run tabletop exercises for breach response, OCR inquiry handling, and privilege-preserving communications with counsel.
  • Revisit business associate inventory and downstream vendor security assurances after major enforcement themes in your sector.

Related actions

Security Rule NPRM

Summary of the Security Rule

Security Guidance

Source

U.S. Department of Health and Human Services release

Source: U.S. Department of Health and Human Services, Office for Civil Rights. medcomply.ai aggregates public materials for educational use — not legal advice.