The Office for Civil Rights of the Department of Health and Human Services (OCR) settled multiple cases of alleged HIPAA violations in November and early December.
One of the settlements focused on patients' rights to access their protected health information, resulting in a $100,000 penalty against Rio Hondo Community Mental Health Center.
Holy Redeemer Family Medicine settled for $325,581 for disclosing a patient's sensitive health information to her prospective employer without consent.
Gulf Coast Pain Consultants faced a $1.19 million penalty for unauthorized access to patients' data by a former contractor, which impacted 34,310 individuals.
Children's Hospital Colorado paid a penalty of $548,265 for two email account breaches caused by phishing attacks that compromised personal health information.
Health Care Clearinghouse and Inmediata Health Group settled for $250,000 after leaving 1.5 million individuals' PHI publicly available online.