The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule. Enforcement trends are the most direct way that the OCR can tell us what or where they’re looking at. In the most recent enforcement results, the OCR reports that it has received over 171,161 complaints since the HIPAA Privacy Rule took effect in 2003. These complaints have been against all types of covered entities, such as national pharmacies, medical centers, health plans, hospital chains, outpatient facilities, and private practices. 98% of these cases have been resolved through enforcement actions including investigations, fines, and corrective actions that require systemic changes in privacy practices and technical assistance.
Let’s take a look at the most frequently investigated HIPAA Privacy Rule compliance issues to see what lessons your organization can learn from enforcement trends.