HIPAA Fines Listed by Year

HIPAA Settlements, Fines, and Penalties

HIPAA settlements are hard to keep track of–that’s why we’ve created this simple directory of large-scale HIPAA fines listed by year. All information on HIPAA violation cases is provided by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on their HIPAA Resolution Agreements overview.

For the full list of HIPAA breaches and fines, you can visit OCR’s Breach Portal, or “Wall of Shame“. This is where OCR lists the countless other small-scale HIPAA breaches and fines. View our HIPAA fines chart below for the full HIPAA settlements list.

Remember that large-scale settlements are only a fraction of the fines levied by federal investigators every year. Once you’ve had a HIPAA breach, one of the consequences of violating HIPAA is that the name of your practice is permanently listed on The Wall of Shame for violating HIPAA–including the offense, date, and number of individuals affected.

Learn How We Help Avoid HIPAA Fines!

2021 HIPAA Fines

Date	Organization	Fine Total	OCR Settlement Announcement
1/12/2021	Banner Health	$200,000	OCR Settles Fourteenth Investigation in HIPAA Right of Access Initiative
1/15/2021	Lifetime Healthcare Companies	$5,100,000	Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People
2/10/2021	Renown Health, P.C	$75,000	OCR Settles Fifteenth Investigation in HIPAA Right of Access Initiative
2/12/2021	Sharp HealthCare	$70,000	OCR Settles Sixteenth Investigation in HIPAA Right of Access Initiative
3/24/2021	Arbour Hospital	$65,000	OCR Settles Seventeenth Investigation in HIPAA Right of Access Initiative
3/26/2021	Village Plastic Surgery	$30,000	OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative
5/25/2021	AEON Clinical Laboratories	$25,000	Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations
6/2/2021	The Diabetes, Endocrinology & Lipidology Center	$5,000	OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative











	2021 TOTAL:	$5,570,000

2020 HIPAA Fines

Date	Organization	Fine Total	Link to OCR Settlement
3/3/2020	The practice of Steven A. Porter, M.D	$100,000	Health Care Provider Pays $100,000 Settlement to OCR for Failing to Implement HIPAA Security Rule Requirements
7/23/2020	Metropolitan Community Health Services	$25,000	Small Health Care Provider Fails to Implement Multiple HIPAA Security Rule Requirements
7/27/2020	Lifespan Health System	$1,040,000	Lifespan Pays $1,040,000 to OCR to Settle Unencrypted Stolen Laptop Breach
9/15/2020	Housing Works, Inc	$38,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	All Inclusive Medical Services, Inc	$15,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	Beth Israel Lahey Behavioral Services	$70,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	King MD	$3,500	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/15/2020	Wise Psychiatry, PC	$10,000	OCR Settles Five More Investigations in HIPAA Right of Access Initiative
9/21/2020	Athens Orthopedic Clinic PA	$1,500,000	Orthopedic Clinic Pays $1.5 Million to Settle Systemic Noncompliance with HIPAA Rules
9/23/2020	CHSPSC LLC	$2,300,000	HIPAA Business Associate Pays $2.3 Million to Settle Breach Affecting Protected Health Information of Over 6 million Individuals
9/25/2020	Premera Blue Cross	$6,850,000	Health Insurer Pays $6.85 Million to Settle Data Breach Affecting Over 10.4 Million People
10/7/2020	Dignity Health, DBA St. Joseph’s Hospital and Medical Center	$160,000	OCR Settles Eighth Investigation in HIPAA Right of Access Initiative
10/9/2020	NY Spine Medicine (NY Spine)	$100,000	OCR Settles Ninth Investigation in HIPAA Right of Access Initiative
10/28/2020	Aetna	$1,000,000	Aetna Pays $1,000,000 to Settle Three HIPAA Breaches
10/28/2020	Riverside Psychiatric Medical Group	$25,000	OCR Settles Tenth Investigation in HIPAA Right of Access Initiative
10/30/2020	City of New Haven, Connecticut	$202,400	City Health Department failed to terminate former employee’s access to protected health information
11/12/2020	Dr. Rajendra Bhayani	$15,000	OCR Settles Eleventh Investigation in HIPAA Right of Access Initiative
11/19/2020	University of Cincinnati Medical Center, LLC	$65,000	OCR Settles Twelfth Investigation in HIPAA Right of Access Initiative
12/22/2020	Elite Primary Care	$36,000	OCR Settles Thirteenth Investigation in HIPAA Right of Access Initiative
	2020 TOTAL:	$13,554,900

2019 HIPAA Fines

Date	Organization	Fine Total	Link to OCR Settlement
February 7, 2019	Cottage Health	$3,000,000	Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
May 6, 2019	Touchstone Medical Imaging	$3,000,000	Tennessee Diagnostic Medical Imaging Services Company Pays $3,000,000 to Settle Breach Exposing Over 300,000 Patients’ Protected Health Information
May 23, 2019	Medical Informatics Engineering	$100,000	Indiana Medical Records Service Pays $100,000 to Settle HIPAA Breach – May 23, 2019
September 9, 2019	Bayfront Health St. Petersburg	$85,000	OCR Settles First Case in HIPAA Right of Access Initiative
October 2, 2019	Elite Dental Associates	$10,000	Dental Practice Pays $10,000 to Settle Social Media Disclosures of Patients’ Protected Health Information
October 23, 2019	Jackson Health System	$2,150,000	OCR Imposes a $2.15 Million Civil Money Penalty against Jackson Health System for HIPAA Violations
November 5, 2019	University of Rochester Medical Center	$3,000,000	Failure to Encrypt Mobile Devices Leads to $3 Million HIPAA Settlement
November 7, 2019	Texas Health and Human Services Commission	$1,600,000	OCR Imposes a $1.6 Million Civil Money Penalty against Texas Health and Human Services Commission for HIPAA Violations
November 27, 2019	Sentara Hospitals	$2,175,000	OCR Secures $2.175 Million HIPAA Settlement after Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information