Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

  • About HHS
  • Programs & Services
  • Grants & Contracts
  • Laws & Regulations
  • Radical Transparency
  • Big Wins
  • HIPAA for Individuals
  • Filing a Complaint
  • HIPAA for Professionals
  • Newsroom
Breadcrumb
  1. HHS
  2. HIPAA Home
  3. For Professionals
  4. HIPAA Compliance and Enforcement
  5. Case Examples
  6. Case Examples Organized by Issue
  • HIPAA for Professionals
  • Regulatory Initiatives
  • Privacy
    • Summary of the Privacy Rule
    • Guidance
    • Combined Text of All Rules
    • HIPAA Related Links
  • Security
    • Security Rule NPRM
    • Summary of the Security Rule
    • Security Guidance
    • Cyber Security Guidance
  • Breach Notification
    • Breach Reporting
    • Guidance
    • Reports to Congress
    • Regulation History
  • Compliance & Enforcement
    • Enforcement Rule
    • Enforcement Process
    • Enforcement Data
    • Resolution Agreements
    • Case Examples
    • Audit
    • Reports to Congress
    • State Attorneys General
  • Special Topics
    • HIPAA and Part 2
    • Change Healthcare Cybersecurity Incident FAQs
    • HIPAA and COVID-19
    • HIPAA and Reproductive Health
      • HIPAA and Final Rule Notice
    • HIPAA and Telehealth
    • HIPAA and FERPA
    • Research
    • Public Health
    • Emergency Response
    • Health Information Technology
    • Health Apps
  • Patient Safety
  • Covered Entities & Business Associates
    • Business Associate Contracts
    • Business Associates
  • Training & Resources
  • FAQs for Professionals
  • Other Administrative Simplification Rules

Case Examples Organized by Issue

Topics on this page:

  • Access
  • Authorizations
  • Business Associates
  • Conditioning Compliance with the Privacy Rule
  • Confidential Communications
  • Disclosures to Avert a Serious Threat to Health or Safety
  • Impermissible Uses and Disclosures
  • Minimum Necessary
  • Notice
  • Restrictions
  • Safeguards

Access

  • Private Practice Revises Process to Provide Access to Records
  • Private Practice Revises Process to Provide Access to Records
  • Private Practice Revises Access Policy
  • Private Practice Revises Access Procedure
  • Mental Health Center Provides Access after Denial
  • Mental Health Center Provides Access and Revises Policies and Procedures

Back to Top


Authorizations

  • Large Provider Revises Process to Prevent Unauthorized Disclosures to Employers
  • HMO Revises Process to Obtain Valid Authorizations
  • Mental Health Center Provides Access after Denial

Back to Top


Business Associates

  • Pharmacy Chain Enters into Business Associate Agreement

Back to Top


Conditioning Compliance with the Privacy Rule

  • Private Practice Ceases Conditioning of Compliance with the Privacy Rule

Back to Top


Confidential Communications

  • Hospital Implements New Policies for Telephone Messages
  • Large Provider Revises Patient Contact Process

Back to Top


Disclosures to Avert a Serious Threat to Health or Safety

  • Hospital Issues Guidelines Regarding Disclosures to Avert Threats to Health or Safety

Back to Top


Impermissible Uses and Disclosures

  • Pharmacy Chain Changes Process for Disclosures to Law Enforcement
  • Large Medicaid Plan Corrects Vulnerability that Had Resulted in Wrongful Disclosure
  • National Pharmacy Chain Extends Protections for Protected Health Information
  • Health Plan Corrects Impermissible Disclosure of Protected Health Information
  • Large Provider Revises Process to Prevent Unauthorized Disclosures to Employers
  • Public Hospital Corrects Impermissible Disclosure of Protected Health Information in Response to a Subpoena
  • Outpatient Surgical Facility Corrects Privacy Procedure in Research Recruitment
  • Clinic Sanctions Supervisor for Accessing Employee Medical Record
  • Large Provider Revises Patient Contact Process
  • Large Health Care Provider Restricts Use of Patient Records
  • Hospital Revises Email Distribution as a Result of an Impermissible Disclosure
  • Private Practice Revises Policies and Procedures Addressing Activities Preparatory to Research

Back to Top


Minimum Necessary

  • Hospital Implements New Policies for Telephone Messages
  • Dentist Changes Process to Safeguard PHI

Back to Top


Notice

  • Mental Health Center Corrects Process for Providing Notice of Privacy Practices

Back to Top


Restrictions

  • Mental Health Center Provides Access and Revises Policies and Procedures

Back to Top


Safeguards

  • Pharmacy Chain Institutes New Safeguards for Protected Health Information
  • Large Medicaid Plan Corrects Vulnerability that Had Resulted in Wrongful Disclosure
  • Health Plan Corrects Computer Flaw that Caused Mailing of EOBs to Wrong Persons
  • National Pharmacy Chain Extends Protections for Protected Health Information

Back to Top

Case Examples

  • All Case Examples
  • Case Examples by Covered Entity
  • Case Examples by Issue

Resolution Agreements

Providence Health & Services
Content created by Office for Civil Rights (OCR)
Content last reviewed December 23, 2022
Back to top

Subscribe to Email Updates

Receive the latest updates from the Secretary and Press Releases.

Subscribe
  • Contact HHS
  • Careers
  • HHS FAQs
  • Nondiscrimination Notice
  • Press Room
  • HHS Archive
  • Accessibility Statement
  • Privacy Policy
  • Budget/Performance
  • Inspector General
  • Web Site Disclaimers
  • EEO/No Fear Act
  • FOIA
  • The White House
  • USA.gov
  • Vulnerability Disclosure Policy
HHS Logo

HHS Headquarters

200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free Call Center: 1-877-696-6775​

Follow HHS

Follow Secretary Kennedy