top of page

OCR Delivers Annual Reports to Congress

Our Department of Health and Human Services (DoHHS) spent Valentines Day issuing two annual reports to Congress; HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information.

The first Office of Civil Rights (OCR) report has some statistics worth sharing:

  • OCR received 30,435 new complaints alleging violations of the HIPAA Rules

  • OCR resolved 32,250 complaints alleging violations of the HIPAA Rules

  • OCR resolved 17 complaint investigations with Resolution Agreements and Corrective Action Plans (RA/CAPs) and monetary settlements totaling $802,500, and one complaint investigation with a civil money penalty in the amount of $100,000

  • OCR completed 846 compliance reviews and required subject entities to take corrective action or pay a civil money penalty in 80% (674) of these investigations. Three compliance reviews were resolved with RA/CAPs and monetary payments totaling $2,425,640.

We know that 17 RA/CAPs doesn't seem like a lot, but it is a healthy uptick from some previous years' activity. As you can read, DoHHS/OCR is very busy managing HIPAA-based complaints.

The second report highlighted what we already know, specifically that "hacking/IT incidents" remain the largest category of breaches occurring in 2022 affecting 500 or more individuals.

The graphic below links to OCR's 2022 reports.

Stay (HIPAA) safe,

Alan -

6 views0 comments


bottom of page