There is no “AI HIPAA fine” yet. As of early 2026, OCR, the Office for Civil Rights inside the U.S. Department of Health and Human Services that enforces HIPAA, has not, to public knowledge, published an enforcement action that names an AI tool as the cause of a violation.
That sounds like reassurance. It is not. It is a lag.
OCR enforcement runs years behind the conduct it penalizes. A breach reported in 2018 produces a settlement in 2025.[10] The technology that caused a violation is often two product generations old by the time the resolution agreement is signed. So the absence of an “AI fine” tells you nothing about whether AI deployments are compliant today. It tells you the enforcement cycle hasn’t caught up.
What it has caught up on is more useful. Strip the word “AI” out and look at the actual failure modes OCR penalizes — impermissible disclosure of PHI to a vendor with no contract, deploying a system without assessing where PHI flows, failing to manage the vendors handling your data, and technology that silently leaks PHI. Every one of those is exactly how an AI deployment goes wrong. The cases below are real, verified against OCR’s own records. Read each one as a preview of the AI version of the same mistake.
OCR enforces HIPAA. The FTC is a separate regulator — keep them straight
One clarification before the cases, because it is the most common error in writing about this.
HIPAA is enforced by OCR. When you read about a HIPAA settlement, a resolution agreement, or a corrective action plan, that is OCR.
The Federal Trade Commission is a different agency with different authority. The FTC has been the more active regulator on consumer health data — but it acts under the FTC Act and the Health Breach Notification Rule, not HIPAA. The FTC’s 2023 action against GoodRx, which ended in a $1.5 million civil penalty for sharing health data with advertising platforms, was the FTC’s first enforcement under the Health Breach Notification Rule — not a HIPAA case.[1] The FTC’s 2023 settlement with the online therapy provider BetterHelp, for $7.8 million, was likewise an FTC action, not an OCR one.[2]
This matters for AI buyers because a tool can be outside HIPAA’s reach and still draw a regulator. If you build a health app that isn’t a HIPAA covered entity, OCR may not have jurisdiction — but the FTC might. For the rest of this post, every case is OCR and HIPAA unless explicitly labeled otherwise.
Impermissible disclosure to a vendor with no BAA: the AI version is pasting PHI into ChatGPT
The most direct precedent for an “AI HIPAA violation” is the oldest pattern OCR enforces: a covered entity hands PHI to a vendor it has no Business Associate Agreement with.
In 2017, OCR settled with the Center for Children’s Digestive Health, a small pediatric practice in Illinois, for $31,000.[3] The practice had been disclosing PHI to a records-storage vendor since 2003. Neither party could produce a signed BAA. That was the violation — not a breach, not a hack, just PHI moving to a vendor without the contract HIPAA requires. The same vendor’s receivership estate separately paid OCR $100,000.[4]
Now substitute the vendor. A clinician pastes a patient summary into a consumer AI chatbot to draft a letter. That is a disclosure of PHI to the AI vendor — and to whatever model provider sits behind it. With no BAA covering that path, it is the Center for Children’s Digestive Health fact pattern exactly: PHI to a vendor, no contract. The output quality is irrelevant. The disclosure is the violation.
This is why a BAA is the floor, not a feature. It is also why the BAA has to cover the whole path — the AI tool and the model provider behind it. The complete guide to HIPAA-compliant AI goes deeper on scope, but the enforcement point is simple: an uncovered hop is an impermissible disclosure waiting for a breach report.
No risk analysis: the AI version is deploying without knowing where PHI flows
The single most-cited failure in OCR’s Security Rule enforcement is not a sophisticated attack. It is the absence of a risk analysis — the required assessment of where electronic PHI lives, how it moves, and what could go wrong.[11]
OCR has made this so central that it created a dedicated Risk Analysis Initiative. The first action under it, in October 2024, settled with the Bryan County Ambulance Authority in Oklahoma for $90,000 after a ransomware incident affecting 14,273 patients.[5] The fifth, with Health Fitness Corporation, settled for $227,816 — there, ePHI had been exposed to web crawlers through a server misconfiguration, and OCR found the organization had not conducted an accurate and thorough risk analysis.[6]
The pattern in these cases is not “they were attacked.” It is “they never assessed their own exposure.” HIPAA’s risk analysis requirement is foundational precisely because you cannot protect data flows you have not mapped.
An AI deployment is a new data flow. When a team connects an AI tool to a workflow that touches patient records, PHI starts moving along a path that did not exist before — into prompts, into context windows, into a model provider’s infrastructure, into logs. If that path was never added to the organization’s risk analysis, the deployment has the exact gap OCR penalized in the cases above. “We bought an AI tool and turned it on” is not a risk analysis. The question OCR asks — where does PHI go, and what could happen to it there — has to have an answer that includes the AI system.
Business associate management failures: the AI version is not covering the model provider
Getting a BAA signed is step one. Managing the business associates underneath you is a separate, ongoing obligation — and OCR penalizes failures in it.
The MMG Fusion settlement, announced in 2026, is instructive. After an unauthorized actor accessed PHI affecting roughly 15 million individuals, OCR found the company had impermissibly disclosed PHI and had failed to conduct an accurate and thorough risk analysis.[7] The settlement amount was modest at $10,000 — small entities and what they can pay shape the figure — but the failure mode is the point: the organization did not have a clear, managed picture of how PHI moved through the parties it relied on.
AI makes this harder, not easier. When you contract with an AI vendor, the entity processing your prompt at inference time is often a different company — the model provider. Your BAA with the AI tool does not automatically cover that provider. If the AI vendor has not held its own BAA with the model provider, the chain has a gap, and you are back to an impermissible disclosure to an uncovered vendor. Business associate management for an AI deployment means knowing every party in the inference path and confirming each one is under contract — not assuming the vendor handled it.
Tracking technologies: the closest real precedent for “a technology silently leaking PHI”
If you want the case that most resembles a future AI enforcement action, look at OCR’s posture on online tracking technologies.
In December 2022, OCR issued a bulletin warning that covered entities using third-party tracking code — analytics scripts, advertising pixels — on their websites and apps could be impermissibly disclosing PHI to the companies behind those trackers.[8] In July 2023, OCR and the FTC jointly sent letters to roughly 130 hospital systems and telehealth providers, naming the risk directly and warning that tracking code was sending consumers’ health information to third parties without authorization.[9]
What makes this the closest precedent is the shape of the failure. No one at these organizations decided to disclose PHI. A piece of technology, embedded in a system, was quietly transmitting it — and the organization either did not know or did not treat it as a HIPAA disclosure. OCR’s position is that intent does not matter. If a technology you deployed sends PHI to a third party without a permissible basis and without a BAA, that is an impermissible disclosure, and the breach notification obligations follow.
An AI tool is a technology embedded in a workflow that can quietly transmit PHI. A prompt logged for debugging, a context window that pulled in more of a chart than intended, an integration that forwards data to a model endpoint — each is a channel through which PHI moves without anyone explicitly choosing it. The tracking-technology enforcement is OCR telling you, in advance, how it will treat that.
What an OCR investigation actually asks for — and why most AI deployments cannot answer
An OCR investigation is not abstract. It is a documented request. OCR asks for the risk analysis. It asks for the BAAs. It asks for access logs. It asks the organization to reconstruct who accessed what PHI, when, and under what authority.
For a traditional records system, a prepared organization can produce those answers. For most AI deployments, it cannot — and the reason is structural. A consumer AI tool keeps conversation history, but conversation history is not an audit trail. It is not tamper-evident. It is not tied to verified user identities at the level OCR expects. It is not retained under a policy the organization controls. When OCR asks “which licensed clinician submitted this prompt containing PHI, at what time, and can you prove the record hasn’t been altered,” conversation history has no answer.
This is the gap that turns a manageable investigation into an expensive one. The organizations that fare worst are not always the ones with the worst breach — they are the ones that cannot demonstrate what happened. A real audit trail — append-only, cryptographically signed, independently verifiable — is what lets an organization answer OCR’s questions instead of guessing at them. A tamper-evident audit trail for AI exists for exactly this moment.
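The audit-trail properties described above (append-only, signed, able to say who submitted a prompt containing PHI and when), as an added example that is not code from this post or from any vendor it names: a Python sketch of a hash-chained log whose entries are HMAC-signed, which stores only a digest of each prompt so the log itself does not become the kind of PHI channel the tracking-technology section warns about, together with a verifier that reports the first entry that was altered, reordered or deleted. The actor identities, timestamps and signing key are constructed for the demo; `AuditLog`, `verify_chain` and `who_submitted_phi` are hypothetical names, not an API from the page.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Tuple

# Constructed demo key. In production the key lives in a KMS/HSM, and an
# asymmetric signature (e.g. Ed25519) would let an outside party verify the
# chain without holding the signing secret.
SIGNING_KEY = b"constructed-demo-key-not-for-production"
GENESIS_HASH = "0" * 64


def canonical(record: Dict) -> bytes:
    """Deterministic serialization so hashes are reproducible across systems."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


class AuditLog:
    """Append-only log: each entry commits to the previous entry's hash and is signed."""

    def __init__(self, key: bytes):
        self._key = key
        self._entries: List[Dict] = []

    def append(self, actor: str, action: str, prompt: str,
               phi_present: bool, ts: Optional[float] = None) -> Dict:
        prev = self._entries[-1]["entry_hash"] if self._entries else GENESIS_HASH
        body = {
            "seq": len(self._entries),
            "ts": ts if ts is not None else time.time(),
            "actor": actor,          # verified identity of the user who submitted the prompt
            "action": action,
            # Only a digest of the prompt is retained: the prompt may contain PHI,
            # and a debugging log full of PHI is itself an impermissible data flow.
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "phi_present": phi_present,
            "prev_hash": prev,
        }
        entry_hash = hashlib.sha256(canonical(body)).hexdigest()
        sig = hmac.new(self._key, entry_hash.encode(), hashlib.sha256).hexdigest()
        entry = dict(body, entry_hash=entry_hash, sig=sig)
        self._entries.append(entry)
        return entry

    def entries(self) -> List[Dict]:
        """Export copies, as an investigator or auditor would receive them."""
        return [dict(e) for e in self._entries]


def verify_chain(entries: List[Dict], key: bytes) -> Tuple[bool, int]:
    """Return (ok, index of first bad entry or -1). Detects edits, reordering, deletion."""
    prev = GENESIS_HASH
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k not in ("entry_hash", "sig")}
        if body.get("seq") != i or body.get("prev_hash") != prev:
            return False, i          # gap or reorder in the chain
        if hashlib.sha256(canonical(body)).hexdigest() != e.get("entry_hash"):
            return False, i          # content of this entry was altered
        expected = hmac.new(key, e["entry_hash"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, e.get("sig", "")):
            return False, i          # signature forged or wrong key
        prev = e["entry_hash"]
    return True, -1


def who_submitted_phi(entries: List[Dict]) -> List[Tuple[str, float, int]]:
    """Answer the investigator's question: which actor sent PHI, and when."""
    return [(e["actor"], e["ts"], e["seq"]) for e in entries if e["phi_present"]]


def demo() -> Tuple[bool, bool, int]:
    """Build a two-entry log, then show that editing history is caught."""
    log = AuditLog(SIGNING_KEY)
    log.append("dr.smith@clinic.example", "draft_letter",
               "Constructed PHI: patient summary text", True, ts=1700000000.0)
    log.append("nurse.lee@clinic.example", "summarize",
               "General dosing guideline question", False, ts=1700000060.0)
    exported = log.entries()
    ok_before, _ = verify_chain(exported, SIGNING_KEY)
    tampered = [dict(e) for e in exported]
    tampered[0]["phi_present"] = False      # someone tries to rewrite the record
    ok_after, first_bad = verify_chain(tampered, SIGNING_KEY)
    return ok_before, ok_after, first_bad   # (True, False, 0)


if __name__ == "__main__":
    print(demo())
```

With HMAC, the verifier needs the same key as the writer, so this sketch gives tamper evidence inside the organization; the independent verifiability the paragraph asks for comes from swapping the HMAC for an asymmetric signature, or anchoring the latest `entry_hash` somewhere the organization cannot quietly rewrite. The chain structure and the verification walk are unchanged either way.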
The practical takeaway
The honest summary: regulators have not yet penalized an “AI tool” by name, but they will. The conduct that produces the fines — impermissible disclosure to an uncovered vendor, no risk analysis, unmanaged business associates, a technology silently leaking PHI — is already settled enforcement, with dollar figures attached. AI is just the newest way to commit those same violations.
So the defensible AI deployment is not the one that waited for an “AI fine” to appear. It is the one built as if the existing enforcement already applied to it: a BAA covering the full inference path including the model provider; the AI system added to the organization’s risk analysis as a real PHI data flow; every business associate in the chain under contract; and an audit trail that can answer an investigator’s questions without guesswork. None of that is exotic. It is the same bar every other regulated system already meets — and the HIPAA Security Rule for AI vendors breaks down the technical requirements in detail.
If you want AI that is built to that bar from the start — one BAA across every surface, PHI policy enforced before a model sees a prompt, and a signed, verifiable audit chain — see how HASP handles HIPAA-compliant AI.
Sources
[1] Federal Trade Commission. “FTC Enforcement Action to Bar GoodRx from Sharing Consumers’ Sensitive Health Info for Advertising” (2023). ftc.gov
[2] Federal Trade Commission. “BetterHelp, Inc., In the Matter of” (2023). ftc.gov
[3] U.S. Department of Health & Human Services Office for Civil Rights. “No Business Associate Agreement? $31K Mistake” (2017). hhs.gov
[4] U.S. Department of Health & Human Services Office for Civil Rights. “HIPAA Consequences Don’t Stop When a Business Closes” (2018). hhs.gov
[5] U.S. Department of Health & Human Services Office for Civil Rights. “HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000” (2024). hhs.gov
[6] U.S. Department of Health & Human Services Office for Civil Rights. “HHS’ Office for Civil Rights Settles HIPAA Security Rule Investigation with Health Fitness Corporation” (2025). hhs.gov
[7] U.S. Department of Health & Human Services Office for Civil Rights. “HHS’ Office for Civil Rights Settles HIPAA Investigation of MMG Fusion, LLC” (2026). hhs.gov
[8] U.S. Department of Health & Human Services Office for Civil Rights. “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates” (2022). hhs.gov
[9] Federal Trade Commission. “FTC and HHS Warn Hospital Systems and Telehealth Providers about Privacy and Security Risks from Online Tracking Technologies” (2023). ftc.gov
[10] U.S. Department of Health & Human Services Office for Civil Rights. “HIPAA Enforcement Data” (2025). Settlement of a 2020 breach of MMG Fusion in 2026 demonstrates the 6-year lag. hhs.gov
[11] U.S. Department of Health & Human Services Office for Civil Rights. “Risk Analysis Initiative” (2024). Explaining the priority focus on the Security Rule’s foundational requirement. hhs.gov