HIPAA Fines Listed by Year

2020 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement

The practice of Steven A. Porter, M.D

$100,000Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements
7/23/2020Metropolitan Community Health Services$25,000Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
7/27/2020Lifespan Health System$1,040,000Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
 2020 TOTAL:$1,165,000

2019 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement
February 7, 2019

Cottage Health

$3,000,000Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
May 6, 2019Touchstone Medical Imaging$3,000,000Tennessee Diagnostic Medical Imaging Services Company Pays $3,000,000 to Settle Breach Exposing Over 300,000 Patients’ Protected Health Information
May 23, 2019Medical Informatics Engineering $100,000Indiana Medical Records Service Pays $100,000 to Settle HIPAA Breach – May 23, 2019
September 9, 2019Bayfront Health St. Petersburg$85,000

OCR Settles First Case in HIPAA Right of Access Initiative

October 2, 2019Elite Dental Associates$10,000Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information
October 23, 2019

Jackson Health System


OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations

November 5, 2019University of Rochester Medical Center$3,000,000

Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement

November 7, 2019

Texas Health and Human Services Commission


OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations

November 27, 2019Sentara Hospitals$2,175,000OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
December 12, 2019Korunda Medical$85,000OCR Settles Second Case in HIPAA Right of Access Initiative
December 30, 2019West Georgia Ambulance$65,000Ambulance Company Pays $65,000 to Settle Allegations of Longstanding HIPAA Noncompliance
 2019 TOTAL:$15,270,000

2018 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement
February 1, 2018Fresenius Medical Care North America (FMCNA)$3,500,000Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules
February 13, 2018 Filefax, Inc. $100,000 Consequences for HIPAA violations don’t stop when a business closes
June 18, 2018The University of Texas MD Anderson Cancer Center $4,348,000 Judge rules in favor of OCR and requires a Texas cancer center to pay $4.3 million in penalties for HIPAA violations
September 20, 2018 Boston Medical Center (BMC), Brigham and Women’s Hospital (BWH), and Massachusetts General Hospital (MGH)$999,000

Unauthorized Disclosure of Patients’ Protected Health Information During ABC Television Filming Results in Multiple HIPAA Settlements Totaling $999,000

October 16, 2018 Anthem$16,000,000

Anthem Pays OCR $16 Million in Record HIPAA Settlement Following Largest U.S. Health Data Breach in History

November 26, 2018Allergy Associates of Hartford, P.C.$125,000Allergy practice pays $125,000 to settle doctor’s disclosure of patient information to a reporter
December 4, 2018Advanced Care Hospitalists PL (ACH)$500,000Florida contractor physicians’ group shares protected health information with unknown vendor without a business associate agreement
December 11, 2018Pagosa Springs Medical Center (PSMC)$111,400Colorado hospital failed to terminate former employee’s access to electronic protected health information
December 12, 2018Cottage Health$3,000,000Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
 2018 TOTAL:$28,683,400

2017 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement
January 9, 2017Presence Health$475,000First HIPAA enforcement action for lack of timely breach notification settles for $475,000
January 18, 2017MAPFRE$2,200,000HIPAA settlement demonstrates importance of implementing safeguards for ePHI
February 1, 2017Children’s Medical Center of Dallas$3,200,000Lack of timely action risks security and costs money
February 16, 2017Memorial Healthcare Systems$5,500,000$5.5 million HIPAA settlement shines light on the importance of audit controls
April 12, 2017Metro Community Provider Network (MCPN)$400,000Overlooking risks leads to breach, $400,000 settlement
April 20, 2017The Center for Children’s Digestive Health (CCDH)$31,000No Business Associate Agreement?  $31K Mistake
April 24, 2017CardioNet$2,500,000$2.5 million settlement shows that not understanding HIPAA requirements creates risk
May 10, 2017Memorial Hermann Health System (MHHS)$2,400,000Texas health system settles potential HIPAA violations for disclosing patient information
 May 23, 2017 St. Luke’s Roosevelt Hospital System Inc. $387,200Careless handling of HIV information jeopardizes patient’s privacy, costs entity $387k
 June 7, 2017 Rite Aid $1,000,000

Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case

 December 18, 2017 21st Century Oncology $2,300,000$2.3 Millon Levied for Multiple HIPAA Violations at NY-Based Provider
 2017 TOTAL:$20,393,200

2016 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement
February 3, 2016Lincare, Inc.$239,800Administrative Law Judge rules in favor of OCR enforcement, requiring Lincare, Inc. to pay $239,800
February 16, 2016Physical Therapy$25,000Physical therapy provider settles violations that it impermissibly disclosed patient information
March 16, 2016North Memorial$1,550,000$1.55 million settlement underscores the importance of executing HIPAA business associate agreements
March 17, 2016Feinstein Research$3,900,000Improper disclosure of research participants’ protected health information results in $3.9 million HIPAA settlement
 April 20, 2016Raleigh Orthopaedic$750,000$750,000 settlement highlights the need for HIPAA business associate agreements
April 21, 2016New York Presbyterian$2,200,000Unauthorized Filming for “NY Med” Results in $2.2 Million Settlement with New York Presbyterian Hospital
June 29, 2016Catholic Health Services of Philadelphia$650,000Business Associate’s Failure to Safeguard Nursing Home Residents’ PHI Leads to $650,000 HIPAA Settlement
July 18, 2016Oregon Health & Science University$2,700,000Widespread HIPAA vulnerabilities result in $2.7 million settlement with Oregon Health & Science University
July 21, 2016University of Mississippi Medical Center$2,750,000Multiple alleged HIPAA violations result in $2.75 million settlement with the University of Mississippi Medical Center (UMMC)
August 4, 2016Advocate Health$5,550,000Advocate Health Care Settles Potential HIPAA Penalties for $5.55 Million
September 23, 2016Care New England Health System$400,000HIPAA settlement illustrates the importance of reviewing and updating, as necessary, business associate agreements
October 17, 2016St. Joseph’s$2,140,000$2.14 million HIPAA settlement underscores importance of managing security risk
November 22, 2016UMass$650,000UMass settles potential HIPAA violations following malware infection
2016 TOTAL:$23,504,800 

2015 HIPAA Fines

DateOrganizationFine TotalLink to OCR Settlement
April 22, 2015Cornell Prescription Pharmacy$125,000HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records
June 10, 2015St. Elizabeth’s Medical Center$218,000HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications
August 31, 2015Cancer Care Group, P.C.$750,000750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies
November 24, 2015Lahey Hospital and Medical Center$850,000HIPAA Settlement Reinforces Lessons for Users of Medical Devices
November 30, 2015Triple-S Management$3,500,000Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement
December 14, 2015University of Washington Medicine$750,000$750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis
2015 TOTAL:$6,193,000

Avoid HIPAA Fines and Get Compliant Today

Get Started!