HIPAA Fines Listed by Year
HIPAA Settlements, Fines, and Penalties
HIPAA settlements are hard to keep track of–that’s why we’ve created this simple directory of large-scale HIPAA fines listed by year. All information on HIPAA violation cases is provided by the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) on their HIPAA Resolution Agreements overview.
For the full list of HIPAA breaches and fines, you can visit OCR’s Breach Portal, or “Wall of Shame“. This is where OCR lists the countless other small-scale HIPAA breaches and fines. View our HIPAA fines chart below for the full HIPAA settlements list.
Remember that large-scale settlements are only a fraction of the fines levied by federal investigators every year. Once you’ve had a HIPAA breach, one of the consequences of violating HIPAA is that the name of your practice is permanently listed on The Wall of Shame for violating HIPAA–including the offense, date, and number of individuals affected. Look through this chart for HIPAA violation case examples.
Get Compliant. Avoid Fines.
See how our software helps you avoid fines likes the ones listed below
2024 HIPAA Fines $5,315,000
The investigation begun from a complaint involving 291,000 files containing PHI. The investigation found multiple violations stemming from the failure to conduct a risk analysis and insufficient monitoring against cyber attacks. See the full details here!
A patient requested a copy of their medical records from American Medical Response (AMR). After several attempts, and AMR’s failure to provide the records, the patient issued a complaint with OCR. See the full details here!
In May 2020, a complaint was filed against Hackensack Meridian Health alleging that the skilled nursing facility failed to provide a patient’s personal representative with a copy of requested medical records. As a result of an OCR investigation, the records were provided in November 2020. See the full details here!
submitted a breach report to OCR, informing the HIPAA enforcers that it had suffered an attack on its network server, compromising the PHI of more than 14,000 patients. See the full details here!
The NYPD informed Montefiore Medical Center that there was evidence that patient information had been stolen from the hospital’s database. It turns out, the culprit was an employee.
For six months, the employee in question stole patient PHI and sold it to an identity theft ring. What’s worse is, the incident occurred two years prior to the NYPD informing them, putting into question the data security practices of Montefiore.
Date | Organization | Fine Total | OCR Settlement Announcement |
3/28/2022 |
Dr. Donald Brockley, D.D.M |
$30,000 | |
3/28/2022 | Dr. U. Phillip Igbinadolor, D.M.D. & Associates, P.A. | $50,000 | |
3/28/2022 | Jacob and Associates | $28,000 | |
3/28/2022 | Northcutt Dental | $62,500 | |
7/14/2022 | Oklahoma State University | $875,000 | Oklahoma State University – Center for Health Services Pays $875,000 to Settle Hacking Breach |
7/15/2022 | ACPM Podiatry | $100,000 | ACPM Podiatry HIPAA Enforcement Action |
7/15/2022 | Associated Retina Specialists | $22,500 | Associated Retina Specialists HIPAA Enforcement Action |
7/15/2022 | Dr. Lawrence Bell, D.D.S. | $5,000 | Dr. Lawrence Bell, D.D.S. HIPAA Enforcement Action |
7/15/2022 | Coastal Ear, Nose, and Throat | $20,000 | Coastal Ear, Nose, and Throat HIPAA Enforcement Action |
7/15/2022 | Danbury Psychiatric Consultants, LLC | $3,500 | |
7/15/2022 | Erie County Medical Center Corporation | $50,000 | Erie County Medical Center Corporation HIPAA Enforcement Action |
7/15/2022 | Fallbrook Family Health Center | $30,000 | Fallbrook Family Health Center HIPAA Enforcement Action |
7/15/2022 | Hillcrest Commons Nursing and Rehabilitation | $55,000 | Hillcrest Commons Nursing and Rehabilitation HIPAA Enforcement Action |
7/15/2022 | Melrose Walkefield Healthcare | $55,000 | Melrose Walkefield Healthcare HIPAA Enforcement Action |
7/15/2022 | Memorial Hermann Health System | $240,000 | Memorial Hermann Health System HIPAA Enforcement Action |
7/15/2022 | Southwest Surgical Associates, LLP | $65,000 | Southwest Surgical Associates, LLP HIPAA Enforcement Action |
8/23/2022 | New England Dermatology and Laser Center | $300,640 | Investigation Leads to $300,640 HIPAA Settlement and Corrective Action Plan |
9/20/2022 | Family Dental Care | $30,000 | Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements |
9/20/2022 | B. Steven L. Hardy, D.D.S. | $25,000 | Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements |
9/20/2022 | Great Expressions Dental Center of Georgia | $80,000 | Trio of Dentist HIPAA Violations Leads to $135,000 in Settlements |
12/14/2022 | Dr. Brandon Au | $23,000 | Impermissible disclosure of PHI |
12/15/2022 | Health Specialists of Central Florida Inc | $20,000 | HHS Civil Rights Office Resolves HIPAA Right of Access Investigation with $20,000 Settlement |
2022 TOTAL: | $2,170,140 |
Date | Organization | Fine Total | OCR Settlement Announcement |
1/12/2021 |
Banner Health |
$200,000 | OCR Settles Fourteenth Investigation in HIPAA Right of Access Initiative |
1/15/2021 | Lifetime Healthcare Companies | $5,100,000 | Health Insurer Pays $5.1 Million to Settle Data Breach Affecting Over 9.3 Million People |
2/10/2021 | Renown Health, P.C | $75,000 | OCR Settles Fifteenth Investigation in HIPAA Right of Access Initiative |
2/12/2021 | Sharp HealthCare | $70,000 | OCR Settles Sixteenth Investigation in HIPAA Right of Access Initiative |
3/24/2021 | Arbour Hospital | $65,000 | OCR Settles Seventeenth Investigation in HIPAA Right of Access Initiative |
3/26/2021 | Village Plastic Surgery | $30,000 | OCR Settles Eighteenth Investigation in HIPAA Right of Access Initiative |
5/25/2021 | AEON Clinical Laboratories | $25,000 | Clinical Laboratory Pays $25,000 to Settle Potential HIPAA Security Rule Violations |
6/2/2021 | The Diabetes, Endocrinology & Lipidology Center | $5,000 | OCR Settles Nineteenth Investigation in HIPAA Right of Access Initiative |
9/10/2021 | Children’s Hospital & Medical Center | $80,000 | OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement |
11/30/2021 | Advanced Spine & Pain Management (ASPM) | $32,150 |
Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access
|
11/30/2021 | Denver Retina Center | $30,000 | Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access |
11/30/2021 | Dr. Robert Glaser | $100,000 | Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access |
11/30/2021 | Rainrock Treatment Center, LLC dba Monte Nido Rainrock (“Monte Nido | $160,000 | Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access |
11/30/2021 | Wake Health Medical Group | $10,000 | Five enforcement actions hold healthcare providers accountable for HIPAA Right of Access |
2021 TOTAL: | $5,980,000 |
Date | Organization | Fine Total | Link to OCR Settlement |
April 22, 2015 | Cornell Prescription Pharmacy | $125,000 | HIPAA Settlement Highlights the Continuing Importance of Secure Disposal of Paper Medical Records |
June 10, 2015 | St. Elizabeth’s Medical Center | $218,000 | HIPAA Settlement Highlights Importance of Safeguards When Using Internet Applications |
August 31, 2015 | Cancer Care Group, P.C. | $750,000 | 750,000 HIPAA Settlement Emphasizes the Importance of Risk Analysis and Device and Media Control Policies |
November 24, 2015 | Lahey Hospital and Medical Center | $850,000 | HIPAA Settlement Reinforces Lessons for Users of Medical Devices |
November 30, 2015 | Triple-S Management | $3,500,000 | Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement |
December 14, 2015 | University of Washington Medicine | $750,000 | $750,000 HIPAA Settlement Underscores the Need for Organization Wide Risk Analysis |
2015 TOTAL: | $6,193,000 |
What is the Penalty for a HIPAA Violation?
HIPAA violations, like violation of the HIPAA privacy rule, cost your practice. The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. These fines and consequences can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation. View our HIPAA fines chart below for the full HIPAA fines list.
OCR has also levied criminal charges for HIPAA violations in the past. Director of OCR, Jocelyn Samuels, went on record in February of 2016, saying that:
“While OCR prefers to resolve issues through voluntary compliance, […] we will take the steps necessary, including litigation, to obtain adequate remedies for violations of the HIPAA Rules.”
Source: HHS, Federal Register.gov