TLD Systems

In 2024, the most common HIPAA compliance issue, according to the Office for Civil Rights (OCR), remains the impermissible use and disclosure of protected health information (PHI). When violations are identified, the OCR frequently refers cases to the Department of Justice (DOJ) for further action. As of 2024, 2,419 referrals have been made to the DOJ for criminal investigation.

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), has reached a settlement with Health Fitness Corporation following a HIPAA violation involving the unauthorized online exposure of electronic protected health information (ePHI). The breach occurred due to a software misconfiguration, making sensitive health data accessible online. This violation highlights the importance of maintaining proper security controls and conducting regular risk assessments to prevent unauthorized data exposure.

by Michael Brody, DPM, CEO TLD Systems