Skip Navigation

Enforcement Process

OCR enforces the Privacy and Security Rules in several ways: 

  • by investigating complaints filed with it, 
  • conducting compliance reviews to determine if covered entities are in compliance, and 
  • performing education and outreach to foster compliance with the Rules' requirements. 


OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA. 

Text description of HIPAA Privacy & Security Rules Complaint Process

Back to Top