• Text Resize A A A
  • Print Print
  • Share Share on facebook Share on twitter Share

HIPAA News Releases & Bulletins

City Health Department failed to terminate former employee’s access to protected health information - October 30, 2020

Aetna Pays $1,000,000 to Settle Three HIPAA Breaches - October 28, 2020

OCR Settles Ninth Investigation in HIPAA Right of Access Initiative - October 9, 2020

OCR Settles Eighth Investigation in HIPAA Right of Access Initiative - October 7, 2020

Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People - September 25, 2020

HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individual - September 23, 2020

Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules - September 21, 2020

OCR Settles Five More Investigations in HIPAA Right of Access Initiative - September 15, 2020

Trump Administration Adds Health Plans to June 2020 Plasma Donation Guidance - August 24, 2020

Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach - July 27, 2020

Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements - July 23, 2020

OCR Issues Guidance on How Health Care Providers Can Contact Former COVID-19 Patients About Blood and Plasma Donation Opportunities - June 12, 2020

OCR Issues Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities - May 5, 2020

OCR Announces Notification of Enforcement Discretion for Community-Based Testing Sites During the COVID-19 Nationwide Public Health Emergency - April 9, 2020

OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency - April 2, 2020

OCR Issues Bulletin on Civil Rights Laws and HIPAA Flexibilities That Apply During the COVID-19 Emergency - March 28, 2020

OCR Issues Guidance to Help Ensure First Responders and Others Receive Protected Health Information about Individuals Exposed to COVID-19 - March 24, 2020

OCR Issues Guidance on Telehealth Remote Communications Following Its Notification of Enforcement Discretion - March 20, 2020

OCR Announces Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency - March 17, 2020

Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements - March 3, 2020

OCR Issues Guidance to Help Ensure Equal Access to Emergency Services and the Appropriate Sharing of Medical Information Following Puerto Rico Earthquakes - January 09, 2020

Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance - December 30, 2019

OCR Settles Second Case in HIPAA Right of Access Initiative - December 12, 2019

OCR Secures $2.175 Million HIPAA Settlement After Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information - November 26, 2019

OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations - November 7, 2019

Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement - November 5, 2019

OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations - October 23, 2019

Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information - October 2, 2019

OCR Settles First Case in HIPAA Right of Access Initiative - September 9, 2019

OCR Issues Guidance to Help Ensure Equal Access to Emergency Services and the Appropriate Sharing of Medical Information during Hurricane Dorian - September 3, 2019

Indiana Medical Records Service Pays $100,000 to Settle HIPAA Breach - May 23, 2019

Tennessee Diagnostic Medical Imaging Services Company Pays $3,000,000 to Settle Breach Exposing Over 300,000 Patients' Protected Health Information - May 6, 2019

OCR Concludes 2018 with All-Time Record Year for HIPAA Enforcement - February 7, 2019

Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million - February 7, 2019

Colorado hospital failed to terminate former employee’s access to electronic protected health information - December 11, 2018

Florida contractor physicians' group shares protected health information with unknown vendor without a business associate agreement - December 4, 2018

Allergy Practice pays $125,000 to settle doctor's disclosure of patient information to a reporter - November 26, 2018

OCR provides FAQs on Patient Access and APIs

OCR released frequently asked questions about the Health Insurance Portability and Accountability Act (HIPAA) right of access related to apps designated by the individual and application programming interfaces (APIs) used by the provider’s electronic health record system. This release was in conjunction with CMS and ONC announcing that they are extending the public comment period by 30 days for two proposed regulations aimed at promoting the interoperability of health information technology and enabling patients to electronically access their health information.

OCR Launches Public Education Campaign About Civil Rights Protections in Response to the National Opioid Crisis - October 25, 2018

Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) launched a public education campaign on civil rights protections in response to the national opioid crisis.  The materials inform the public about civil rights protections that may apply to a person in recovery from an opioid addiction and ensure that covered entities are aware of their obligation to comply with federal nondiscrimination laws.

Anthem pays OCR $16 Million in record HIPAA settlement following largest health data breach in history – October 15, 2018

Unauthorized Disclosure of Patients’ Protected Health Information During ABC Doumentary Filming Results in Multiple HIPAA Settlements Totaling $999,000 – September 20, 2018

A previous version of this release mistakenly identified the TV series as  “Boston Med.”  “Boston Med,” also an ABC television series, was not involved in this investigation.


OCR Issues Guidance to Help Ensure Equal Access to Emergency Services and the Appropriate Sharing of Medical Information During Hurricane Florence

In preparation for Hurricane Florence, OCR has issued a press release providing resources and effective practices to help emergency responders and officials effectively serve at-risk populations and ensure that the whole community is included in emergency response and recovery efforts.  OCR continues to coordinate with our sister agencies and federal partners to make sure that responsible officials are mindful of all segments of the community as they prepare for disaster response in the areas affected by Hurricane Florence.

Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations - June 18, 2018

Consequences for HIPAA violations don’t stop when a business closes -  February 13, 2018

Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules - February 1, 2018

Failure to protect the health records of millions of people costs entity millions of dollars - December 28, 2017

HHS Office for Civil Rights Issues Guidance on how HIPAA Allows Information Sharing to Address the Opioid Crisis - October 27, 2017

Careless handling of HIV information jeopardizes patient’s privacy, costs entity $387k - May 23, 2017

Texas health system settles potential HIPAA violations for disclosing patient information - May 10, 2017

$2.5 million settlement shows that not understanding HIPAA requirements creates risk - April 24, 2017

No Business Associate Agreement?  $31K Mistake - April 20, 2017

Overlooking risks leads to breach, $400,000 settlement - April 12, 2017

$5.5 million HIPAA settlement shines light on the importance of audit controls - February 16, 2017

Lack of timely action risks security and costs money - February 1, 2017

HIPAA settlement demonstrates importance of implementing safeguards for ePHI - January 18, 2017
Comunicado de prensa (Spanish)

First HIPAA enforcement action for lack of timely breach notification settles for $475,000 - January 9, 2017

UMass settles potential HIPAA violations following malware infection - November 22, 2016

$2.14 million HIPAA settlement underscores importance of managing security risk - October 17, 2016

OCR Releases New Guidance on HIPAA and Cloud Computing - October 6, 2016

HIPAA settlement illustrates the importance of reviewing and updating, as necessary, business associate agreements - September 23, 2016

Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million - August 4, 2016

Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (UMMC) - July 21, 2016

Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University - July 18, 2016

Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement - June 29, 2016

HHS Guidance Regarding Patient Safety Work Product and Providers’ External Obligations -
June 23, 2016

Clarification of Permissible Fees for HIPAA Right of Access - Flat Rate Option Up to $6.50 is Not a Cap on All Fees for Copies of PHI - May 23, 2016

Unauthorized Filming for "NY Med" Results in $2.2 Million Settlement with New York Presbyterian Hospital - April 21, 2016

$750,000 settlement highlights the need for HIPAA business associate agreements - April 19, 2016

OCR Launches Phase 2 of HIPAA Audit Program - March 21, 2016

Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement - March 17, 2016

$1.55 million settlement underscores the importance of executing HIPAA business associate agreements - March 16, 2016

New HIPAA Guidance Reiterates Patients’ Right to Access Health Information and Clarifies Appropriate Fees for Copies - February 25, 2016

Addressing Gaps in Cybersecurity: OCR Releases Crosswalk Between HIPAA Security Rule and NIST Cybersecurity Framework - 02/24/2016

Physical therapy provider settles violations that it impermissibly disclosed patient information - 02/16/2016

Administrative Law Judge rules in favor of OCR enforcement, requiring Lincare, Inc. to pay $239,800 - 02/03/2016

Individuals’ Right Under HIPAA to Access their Health Information - 01/07/2016

OCR Launches Redesigned Website

Obama Administration Modifies HIPAA to Strengthen the Firearm Background Check System - 01/04/2016

$750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis - 12/14/2015

Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement - 11/30/2015

HIPAA Settlement Reinforces Lessons for Users of Medical Devices - 11/25/2015

OCR Invites Developers to Ask Questions about HIPAA Privacy and Security - 10/5/2015

$750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies - 9/2/2014

HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications - 7/10/2015

HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records - 4/30/2015

NEW Guidance on HIPAA and Workplace Wellness Programs - 4/16/15

Version 2.0 of the Guide to Privacy and Security of Electronic Health Information released. - 4/13/2015


Content created by Office for Civil Rights (OCR)
Content last reviewed on October 30, 2020