OCR’s Largest HIPAA Settlements for 2019

As we’ve entered a new year, it’s a good time to reflect on some of the larger HIPAA settlements from 2019 to remind us how crucial it is to stay in compliance with this federal law.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted to improve the efficiency and effectiveness of the health care system in the United States. HIPAA required the Department of Health and Human Services (HHS) to develop privacy and security regulations for certain health information. Thereafter, HHS published the HIPAA Privacy, Security, and Breach Notification Rules (HIPAA Rules).

The Privacy Rule established the national standards that protect the privacy of individually identifiable health information, and the Security Rule created security standards for certain health information held or transferred in electronic form. In case of a breach of unsecured protected health information, the Breach Notification Rule governs the notification process to various individuals and entities.

2019 Settlements

Within HHS, the Office for Civil Rights (OCR) enforces the HIPAA Rules through compliance reviews and investigations. Below is a list of 2019 settlements between the OCR and various entities over potential violations of the HIPAA Rules. Not only can these settlements be costly, they are also made public. The OCR publishes these settlements through news releases, and HHS maintains a list of breaches of unsecured protected health information affecting 500 or more individuals.

Date | Fine | Link
02/07/2019 | $3 million | Cottage Health Settles Potential Violations of HIPAA Rules for $3 Million
05/06/2019 | $3 million | $3 Million Settlement, HIPAA Breach Affects 300,000 Individuals’ PHI
05/23/2019 | $100,000 | Indiana Medical Records Service Pays $100,000 to Settle HIPAA Breach
09/09/2019 | $85,000 | OCR Settles First Case in HIPAA Right of Access Initiative
10/02/2019 | $10,000 | Dental Practice $10,000 Settlement for Social Media HIPAA Violation
10/23/2019 | $2.15 million | HIPAA Breaches Result in $2.15 Million Penalty Against Jackson Health System
11/5/2019 | $3 million | University of Rochester Medical Center Settles HIPAA Violations for $3 Million
11/7/2019 | $1.6 million | A Stitch in Time Could Have Saved. . . $1.6 Million in HIPAA Penalties?
11/27/2019 | $2.175 million | Failure to Properly Report HIPAA Breach Results in $2.175 Million Settlement by Sentara Hospitals
12/12/2019 | $85,000 | OCR Settles Second Case in HIPAA Right of Access Initiative
12/30/2019 | $65,000 | Loss of Unencrypted Laptop Leads to $65,000 HIPAA Settlement


Now more than ever, Covered Entities subject to HIPAA must continue to strictly comply with these rules to avoid costly outcomes. ComplianceDashboard offers tools to help these entities navigate through the strict requirements of HIPAA to stay in compliance.


The information and content contained in this blog post are for general informational purposes only, and do not, and are not intended to, constitute legal advice.
