OCR Delivers Annual Reports to Congress
Our Department of Health and Human Services (DoHHS) spent Valentines Day issuing two annual reports to Congress; HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information.
The first Office of Civil Rights (OCR) report has some statistics worth sharing:
OCR received 30,435 new complaints alleging violations of the HIPAA Rules
OCR resolved 32,250 complaints alleging violations of the HIPAA Rules
OCR resolved 17 complaint investigations with Resolution Agreements and Corrective Action Plans (RA/CAPs) and monetary settlements totaling $802,500, and one complaint investigation with a civil money penalty in the amount of $100,000
OCR completed 846 compliance reviews and required subject entities to take corrective action or pay a civil money penalty in 80% (674) of these investigations. Three compliance reviews were resolved with RA/CAPs and monetary payments totaling $2,425,640.
We know that 17 RA/CAPs doesn't seem like a lot, but it is a healthy uptick from some previous years' activity. As you can read, DoHHS/OCR is very busy managing HIPAA-based complaints.
The second report highlighted what we already know, specifically that "hacking/IT incidents" remain the largest category of breaches occurring in 2022 affecting 500 or more individuals.
The graphic below links to OCR's 2022 reports.
Stay (HIPAA) safe,
Alan -
Commentaires