All insights
Deep dives mapped to the Privacy, Security, and Breach Notification Rules, written for operators who need plain-English explanations, CFR citations, and practical checklists.
Try: BAA, Security Rule, breach notification, PHI, OCR enforcement
Featured insight
OCR Enforcement
Cadia Healthcare posted patient names, photos, and treatment details as 'success stories' on their public website without HIPAA authorization. OCR's investigation found 150 patients affected and fined the facility group $182,000. Here is what every healthcare marketing team needs to know.
OCR Enforcement
BST and Co. CPAs, a New York public accounting firm, settled with OCR for a ransomware breach affecting patient financial data. The case is a warning for every professional services firm that handles healthcare client data.
OCR Enforcement
OCR fined MMG Fusion just $10,000 for exposing 15 million patients' data — the company has since dissolved. The real story is what this means for every dental practice that trusted them with patient data.
OCR Enforcement
Top of the World Ranch Treatment Center paid $103,000 to settle HIPAA violations after a 2023 phishing attack exposed patient records. OCR found the center had never completed a HIPAA Security Rule risk analysis.
OCR Enforcement
OCR's 54th Right of Access enforcement action settled with Concentra Inc. for $112,500 after a patient had to make six separate records requests over more than a year before receiving access to his health information.
OCR Enforcement
OCR imposed a $1.5 million civil money penalty on Warby Parker in February 2025 for HIPAA Security Rule violations following credential stuffing attacks. The case is a landmark warning for any non-healthcare company that operates an employer health plan or handles employee health data.
OCR Enforcement
OCR has now resolved more than 50 HIPAA enforcement actions in 2026 under its Risk Analysis and Right of Access initiatives. A new enforcement focus on parental access to minor records adds a third priority area every practice must understand.
OCR Enforcement
A complete guide to preparing for an OCR HIPAA audit or investigation — what OCR requests, how to organize your evidence, and the specific documentation that determines audit outcomes.
OCR Enforcement
HHS published updated HIPAA civil money penalty amounts effective January 2026. Here are the current figures for all four violation tiers and what they mean for your compliance program.
OCR Enforcement
OCR's May 2026 enforcement action against a self-funded employer group health plan marks a significant expansion of HIPAA enforcement beyond traditional healthcare entities. Here is what every employer with a self-funded health plan must know.
OCR Enforcement
OCR's settlement with Assured Imaging highlights two compounding violations: no risk analysis ever conducted and delayed breach notification. Here is what every covered entity must learn from this case.
OCR Enforcement
OCR announced four simultaneous HIPAA settlements on April 23, 2026 totaling $1.165 million following ransomware investigations. All four failed the same requirement.