Reports highlight where regulated entities should focus their HIPAA compliance efforts
On February 14, 2024, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued two reports to Congress on compliance with and enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA): specifically, Compliance with HIPAA Privacy, Security, and Breach Notification Rules and Breach of Unsecured Protected Health Information. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 requires these reports to be submitted to Congress annually. The HIPAA Rules provide the minimum necessary privacy and security protections for protected health information and give individuals rights with respect to that information, including the right to access their health information. The reports share the steps OCR takes to investigate complaints, violation reports, and compliance reviews regarding potential violations of HIPAA regulations, in order to help regulated entities (most health care providers, health insurance plans, and clearinghouses) and their business partners with their HIPAA compliance efforts. The reports include important data on the number of HIPAA incidents investigated, areas of non-compliance, insights into trends such as cybersecurity readiness, and more.
This action is the latest by HHS to support the privacy and security of health information. In December 2023, HHS released a department-wide cybersecurity strategy for the health sector, and in January 2024, it announced voluntary cybersecurity performance goals to strengthen cybersecurity across the health sector.
“OCR’s Congressional Report provides everyone with useful information about trends in HIPAA complaints and violation reports,” said OCR Director Melanie Fontes Rainer. “Our health system must be mindful of these trends and address potential HIPAA compliance issues before a violation occurs or we are notified of an OCR investigation. And we stand ready to continue working with Congress and the health care industry to protect against security threats.”
The 2022 Report to Congress on Compliance with HIPAA Privacy, Security, and Breach Notification Rules identifies the number of complaints received, how those complaints were resolved, the number of compliance reviews initiated by OCR, and the outcome of each review. Some highlights include:
- OCR received 30,435 new complaints alleging violations of HIPAA regulations
- OCR resolved 32,250 complaints alleging HIPAA rule violations
- OCR resolved 17 complaint investigations with Resolution Agreements and Corrective Action Plans (RA/CAPs) and monetary settlements totaling $802,500, and in one complaint investigation assessed a civil penalty of $100,000.
- OCR completed 846 compliance reviews, and in 80% of these reviews (674 cases) required the entity under review to take corrective action or pay a civil penalty. Three compliance reviews were resolved with RA/CAPs and monetary payments totaling $2,425,640.
The 2022 Report to Congress on Breach of Unsecured Protected Health Information identifies the number and nature of breaches of unsecured protected health information (PHI) reported to the Secretary of HHS during calendar year 2022 and the actions taken in response to those breaches. It also highlights the continued need for regulated entities to improve their compliance with HIPAA Security Rule requirements. These include:
- Risk analysis and risk management.
- Review of information systems activities.
- Audit management.
- Response and reporting; and
- Authentication of a person or entity.
As in previous years, hacking/IT incidents were the largest category of breaches that occurred in 2022 affecting more than 500 individuals, accounting for 77% of reported breaches. Network servers remained the largest category of breaches by location, at 58% of reported large-scale breaches involving 500 or more individuals.
OCR’s 2022 Report to Congress on Compliance with HIPAA Privacy, Security, and Breach Notification Rules is available at https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/reports-congress/index.html.
OCR’s 2022 Report to Congress on Breach of Unsecured Protected Health Information is available at https://www.hhs.gov/hipaa/for-professionals/breach-notification/reports-congress/index.html.
OCR is committed to enforcing the HIPAA Rules and supporting the privacy and security of people’s health information. If you believe that your or someone else’s health information privacy or civil rights have been violated, you may file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html.