This year's HIPAA settlements ran the monetary gamut and included the first-ever fine levied for untimely breach reporting. Here's an overview.
While 2016 saw a dramatic uptick in the number of HIPAA-related settlements doled out by the U.S. Department of Health and Human Services (HHS) - including the largest settlement to date - there were fewer cases overall in 2017. Despite this, the first-ever settlement related to untimely reporting of a breach was issued this year, and more than half of the fines landed in the multimillion-dollar range, indicating that the improper disclosure of patients' protected health information (PHI) and electronic PHI (ePHI) remains a prominent and costly issue. Here are the details surrounding a few of the worst HIPAA-related settlements of 2017.