As required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the HHS Office for Civil Rights (OCR) has delivered two reports to Congress on HIPAA privacy, security, and breaches of unsecured protected health information. The reports provide crucial data on:
- The numbers of HIPAA cases investigated
- Areas of noncompliance
- Insights into trends such as cybersecurity readiness
The reports also highlight compliance concerns that need improvement, such as risk analysis and risk management, information system activity review, audit controls, and access controls. Hacking/IT incidents remain the largest category of breaches affecting 500 or more individuals, comprising 75% of the reported breaches. OCR Director Melanie Fontes Rainer says OCR will continue to provide guidance and technical assistance to regulated entities, as well as a strict enforcement program to combat potential HIPAA violations.
Visit the report pages to view the current and past reports.
