Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • MAHA in Action
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • HIPAA for Individuals
  • Filing a Complaint
  • HIPAA for Professionals
  • Newsroom
Breadcrumb
  1. HHS
  2. HIPAA Home
  3. For Professionals
  4. HIPAA Compliance and Enforcement
  5. Case Examples
  6. Case Examples Organized by Issue
  • HIPAA for Professionals
  • Regulatory Initiatives
  • Privacy
    • Summary of the Privacy Rule
    • Guidance
    • Combined Text of All Rules
    • HIPAA Related Links
  • Security
    • Security Rule NPRM
    • Summary of the Security Rule
    • Security Guidance
    • Cyber Security Guidance
  • Breach Notification
    • Breach Reporting
    • Guidance
    • Reports to Congress
    • Regulation History
  • Compliance & Enforcement
    • Enforcement Rule
    • Enforcement Process
    • Enforcement Data
    • Resolution Agreements
    • Case Examples
    • Audit
    • Reports to Congress
    • State Attorneys General
  • Special Topics
    • HIPAA and Part 2
    • Change Healthcare Cybersecurity Incident FAQs
    • HIPAA and COVID-19
    • HIPAA and Reproductive Health
      • HIPAA and Final Rule Notice
    • HIPAA and Telehealth
    • HIPAA and FERPA
    • Research
    • Public Health
    • Emergency Response
    • Health Information Technology
    • Health Apps
  • Patient Safety
  • Covered Entities & Business Associates
    • Business Associate Contracts
    • Business Associates
  • Training & Resources
  • FAQs for Professionals
  • Other Administrative Simplification Rules

Case Examples Organized by Issue

Topics on this page:

  • Access
  • Authorizations
  • Business Associates
  • Conditioning Compliance with the Privacy Rule
  • Confidential Communications
  • Disclosures to Avert a Serious Threat to Health or Safety
  • Impermissible Uses and Disclosures
  • Minimum Necessary
  • Notice
  • Restrictions
  • Safeguards

Access

  • Private Practice Revises Process to Provide Access to Records
  • Private Practice Revises Process to Provide Access to Records
  • Private Practice Revises Access Policy
  • Private Practice Revises Access Procedure
  • Mental Health Center Provides Access after Denial
  • Mental Health Center Provides Access and Revises Policies and Procedures

Back to Top


Authorizations

  • Large Provider Revises Process to Prevent Unauthorized Disclosures to Employers
  • HMO Revises Process to Obtain Valid Authorizations
  • Mental Health Center Provides Access after Denial

Back to Top


Business Associates

  • Pharmacy Chain Enters into Business Associate Agreement

Back to Top


Conditioning Compliance with the Privacy Rule

  • Private Practice Ceases Conditioning of Compliance with the Privacy Rule

Back to Top


Confidential Communications

  • Hospital Implements New Policies for Telephone Messages
  • Large Provider Revises Patient Contact Process

Back to Top


Disclosures to Avert a Serious Threat to Health or Safety

  • Hospital Issues Guidelines Regarding Disclosures to Avert Threats to Health or Safety

Back to Top


Impermissible Uses and Disclosures

  • Pharmacy Chain Changes Process for Disclosures to Law Enforcement
  • Large Medicaid Plan Corrects Vulnerability that Had Resulted in Wrongful Disclosure
  • National Pharmacy Chain Extends Protections for Protected Health Information
  • Health Plan Corrects Impermissible Disclosure of Protected Health Information
  • Large Provider Revises Process to Prevent Unauthorized Disclosures to Employers
  • Public Hospital Corrects Impermissible Disclosure of Protected Health Information in Response to a Subpoena
  • Outpatient Surgical Facility Corrects Privacy Procedure in Research Recruitment
  • Clinic Sanctions Supervisor for Accessing Employee Medical Record
  • Large Provider Revises Patient Contact Process
  • Large Health Care Provider Restricts Use of Patient Records
  • Hospital Revises Email Distribution as a Result of an Impermissible Disclosure
  • Private Practice Revises Policies and Procedures Addressing Activities Preparatory to Research

Back to Top


Minimum Necessary

  • Hospital Implements New Policies for Telephone Messages
  • Dentist Changes Process to Safeguard PHI

Back to Top


Notice

  • Mental Health Center Corrects Process for Providing Notice of Privacy Practices

Back to Top


Restrictions

  • Mental Health Center Provides Access and Revises Policies and Procedures

Back to Top


Safeguards

  • Pharmacy Chain Institutes New Safeguards for Protected Health Information
  • Large Medicaid Plan Corrects Vulnerability that Had Resulted in Wrongful Disclosure
  • Health Plan Corrects Computer Flaw that Caused Mailing of EOBs to Wrong Persons
  • National Pharmacy Chain Extends Protections for Protected Health Information

Back to Top

Case Examples

  • All Case Examples
  • Case Examples by Covered Entity
  • Case Examples by Issue

Resolution Agreements

Providence Health & Services
Content created by Office for Civil Rights (OCR)
Content last reviewed December 23, 2022
Back to top
Secretary Robert F. Kennedy Jr.

Follow @SecKennedy

HHS icon

Follow @HHSGov

HHS Email updates

Receive email updates from HHS.

Subscribe

HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy