Breaking CFPB enforcement actions up 34% in Q1 2026 · TRAIGA in effect Jan 1 · Colorado AI Act deadline June 30 · FTC finalizes new FCRA guidance

Wednesday, April 29, 2026 · Regulatory Compliance Intelligence

About Newsletter From the Wire LexiIntel LexiShield

Live Feed

FCRACFPB releases updated furnisher examination procedures · Effective Q2 2026 AI GOVTexas TRAIGA in effect · $200,000/violation · AG complaint portal opens Sept 1 FDCPA11th Circuit rules on bona fide error defense · Implications for collection agencies COLORADOSB 24-205 effective June 30, 2026 · Impact assessments required TCPAFCC opens NPRM on AI-generated calls · Comment period closes May 15 HIPAAHHS OCR announces new enforcement priorities for 2026 · Focus on telehealth FMCSANew ELD amendment rule published · Compliance date August 2026 FINRARule 4370 examination sweep underway · BCP documentation focus FEDERALCongress rejects state AI preemption moratorium 99-1 · State laws remain in force INSURANCETX Ins. Code §542 prompt payment enforcement up 22% in 2025 FCRACFPB releases updated furnisher examination procedures · Effective Q2 2026 AI GOVTexas TRAIGA in effect · $200,000/violation · AG complaint portal opens Sept 1 FDCPA11th Circuit rules on bona fide error defense · Implications for collection agencies COLORADOSB 24-205 effective June 30, 2026 · Impact assessments required TCPAFCC opens NPRM on AI-generated calls · Comment period closes May 15 HIPAAHHS OCR announces new enforcement priorities for 2026 · Focus on telehealth FMCSANew ELD amendment rule published · Compliance date August 2026 FINRARule 4370 examination sweep underway · BCP documentation focus FEDERALCongress rejects state AI preemption moratorium 99-1 · State laws remain in force INSURANCETX Ins. Code §542 prompt payment enforcement up 22% in 2025

HHS OCR Settles with Software Vendor Over 15 Million Patient Records Exposed in 2020 Breach

A Maryland dental software company agreed to a HIPAA settlement after a 2020 breach exposed the records of 15 million individuals. The case illustrates OCR's ongoing focus on business associates and their obligations under the Security Rule.

By Mike Reeves March 25, 2026 1 min read min read

By Mike Reeves | ComplianceJournal.news

The HHS Office for Civil Rights announced a settlement with MMG Fusion, LLC, a Maryland-based dental software company, over a 2020 data breach that exposed the protected health information of approximately 15 million individuals. The breach — which involved an unauthorized actor accessing MMG's systems and posting patient data to the dark web — resulted in the disclosure of names, phone numbers, mailing addresses, email addresses, dates of birth, and appointment information.

OCR's investigation found that MMG failed to conduct an accurate and thorough risk analysis before the breach occurred, the foundational HIPAA Security Rule requirement that organizations identify potential risks to electronic PHI before they become incidents. That failure — not the breach itself — is what made the settlement inevitable. OCR has made the risk analysis requirement the centerpiece of its enforcement program, and this case follows a consistent pattern: breaches that OCR investigates reveal pre-existing risk analysis deficiencies, which generate the settlement obligation.

For business associates — vendors that receive PHI from covered entities — this case is a direct warning. HIPAA's Security Rule applies to business associates with full force. A vendor whose software touches patient data cannot treat security compliance as the covered entity's problem. The risk analysis obligation runs to the business associate independently, and OCR will pursue it.

Source: U.S. Department of Health and Human Services — Read the full announcement →

LexiIntel Technologies — Proven AI Compliance

LexiIntel detects every statutory obligation in regulated communications, certifies every compliance step with cryptographic proof, and generates court-ready evidence packets. 19 regulatory areas. 390 trigger codes.

Request a Demo → LexiIntel.com

Sponsored · LexiIntel Technologies

LexiIntel™

Your Organization Probably Complied. Can You Prove It?

19

Regulatory Areas

390

Trigger Codes

14K+

Statute Passages

22

IP Assets

Patent-pending AI compliance platform. Detects every statutory obligation. Certifies every step with SHA-256 cryptographic proof. Court-ready. Audit-ready. Regulator-ready.

Request a Demo → LexiIntel.com

FCRA · FDCPA · Insurance · FMCSA · HIPAA · TCPA

Compliance Intelligence Brief

Daily regulatory updates across FCRA, FDCPA, HIPAA, TCPA, AI governance, and 15+ areas. Read by compliance officers, general counsel, and enforcement attorneys.

No spam · Unsubscribe anytime · A LexiNews Publication

Sponsored · LexiShield AI Governance

LexiShield™

$7.99/month

$99 one-time setup · No attorney needed

Automated AI governance compliance for small and mid-size businesses. TRAIGA · Colorado AI Act · Multi-state coverage.

✓AI vendor identification & inventory

✓Certified demand letters to vendors

✓SHA-256 verified audit chain

✓Court-ready compliance record

✓Attorney white label available

Start Now → LexiShield.ai