HHS FY2016 Budget in Brief: Office of the Secretary, Office for Civil Rights (OCR)
The Office for Civil Rights ensures equal, nondiscriminatory access to and receipt of all HHS services and the protection of privacy and security of health information, thereby contributing to HHS’s overall mission of improving the health and well being of all Americans affected by its many programs.
OCR Budget Overview
(Dollars in millions)
|Funds||2014||2015||2016||2016 +/ 2015|
Full Time Equivalents
2016 +/- 2015: +4
The FY 2016 Budget for the Office for Civil Rights (OCR) is $43 million, an increase of $4 million over FY 2015. The increase will support OCR’s audit program which was mandated by the Health Information Technology for Economic and Clinical Health Act. The audit program will offer an invaluable new tool to help ensure Health Insurance Portability and Accountability Act (HIPAA) compliance by covered entities and business associates, while also informing OCR on areas in which to direct its enforcement and technical assistance. In addition, the increase will support OCR’s continued expansion and improvement of its Centralized Case Management Operations unit, which has significantly improved its efficiency by receiving, recording, triaging, and distributing complaints for evaluation and resolution.
General Authorities: OCR resolves over 4,000 discrimination complaints annually, conducts compliance reviews, and enforces various federal civil rights laws and regulations. These include protections against discrimination on the basis of race, color, national origin, disability, age, and sex in HHS-funded programs and certain federal, state, and local government programs. In addition, under Section 1557 of the Affordable Care Act, OCR has enforcement authority with respect to race, color, national origin, disability, age, and sex discrimination in health programs that receive financial assistance or are administered by HHS or any entity established under Title I of the Affordable Care Act.
Other Compliance Activities: In addition to its direct enforcement responsibilities under federal anti-discrimination laws, OCR reviews nearly 2,500 Medicare provider applicants per year to assess compliance with federal civil rights requirements. Through its current formal agreements with 54 health care corporations, OCR ensures ongoing compliance in more than 4,600 facilities that serve over 11 million patients annually.
OCR also works with its federal agency partners to ensure that language assistance services are available to limited English proficient individuals, including with regard to services under the Affordable Care Act and other activities conducted by the Department.
In addition, OCR provides technical assistance and education to states and federal agency partners to ensure compliance with the Americans with Disabilities Act. OCR disseminates information, creates virtual learning communities, works on guidance documents, and provides webinars on topics such as housing and Medicaid services that provide individuals with disabilities opportunities to live in their communities.
Health Information Privacy and Security
General Authorities: OCR administers and enforces the HIPAA Privacy, Security, and Breach Notification Rules. OCR is responsible for policy development through the issuance of regulations and guidance. OCR also provides outreach and technical assistance to the regulated community to ensure covered entities and business associates understand their compliance obligations and to the public to increase individuals’ awareness of their HIPAA rights and protections. OCR enforces the HIPAA Rules by investigating complaints and conducting compliance reviews of alleged violations of the HIPAA Rules, providing technical assistance and obtaining corrective actions, as well as entering into resolution agreements or issuing civil monetary penalties, where appropriate. OCR resolved more than 15,000 complaints of alleged HIPAA violations in FY 2014.
Settlements and Civil Monetary Penalties: OCR has authority to enter into resolution agreements that include payment of a resolution amount and corrective action plans, as well as imposing civil monetary penalties for violations of the HIPAA Rules. OCR collected $8 million in settlements in FY 2014 – an amount based on several unusually large agreements – and anticipates collecting $5.5 million in settlements in FY 2015. OCR retains and expends these collections to support overall HIPAA enforcement activities.
HIPAA Audit Program: The HITECH Act mandates that OCR conduct periodic audits to assess entity compliance with HIPAA. OCR conducted a pilot program to ensure that its audit functions could be performed in the most efficient and effective way, and in FY 2015 will continue designing, testing, and implementing its audit function to measure compliance with privacy, security, and breach notification requirements. OCR plans to conduct comprehensive and desk audits of covered entities and business associates. Audits are a proactive approach to evaluating and ensuring HIPAA privacy and security compliance.