Skip Navigation

Case Examples and Resolution Agreements

These examples show how covered entities can effectively comply with the requirements of the Privacy and Security Rules.  Periodically, we update this page with case examples of the corrective actions that OCR obtains from covered entities through our enforcement efforts. 

Case Examples

Case Examples Organized by
Covered Entity
 Case Examples Organized by

Resolution Agreements

Resolution Agreements and Civil Money Penalties -A resolution agreement is a contract signed by HHS and a covered entity in which the covered entity agrees to perform certain obligations (e.g., staff training) and make reports to HHS, generally for a period of three years. During the period, HHS monitors the covered entity’s compliance with its obligations.  A resolution agreement likely would include the payment of a resolution amount.  These agreements are reserved to settle investigations with more serious outcomes. When HHS has not been able to reach a satisfactory resolution through the covered entity’s demonstrated compliance or corrective action through other informal means, civil money penalties (CMPs) may be imposed for noncompliance against a covered entity.  To date, HHS has entered into ten resolution agreements and issued CMPs to one covered entity.