Enforcement Highlights December 2014
HIPPA Privacy Rule Enforcement Highlights and Results as of December 2014.
Final
Issued by: Office for Civil Rights (OCR)
Issue Date: July 06, 1905
Enforcement Highlights
(As of December 31, 2014)
The HIPAA Privacy Rule is a set of federal standards to protect the privacy of patients' medical records and other health information maintained by covered entities: health plans, which include many governmental health programs, such as the Veterans Health Administration, Medicare and Medicaid; most doctors, hospitals and many other health care providers; and health care clearinghouses. These standards provide patients with access to their medical records and with significant control over how their personal health information is used and disclosed. Compliance with the standards was required as of April 14, 2003 for most entities covered by HIPAA. On that date, OCR began accepting complaints involving the privacy of personal health information in the health care system.
The HIPAA Security Rule establishes national standards for the security of electronic protected health information. The final rule adopting HIPAA standards for security was published in the Federal Register on February 20, 2003. This final rule specifies a series of administrative, technical, and physical security safeguards for covered entities to assure the confidentiality of electronic protected health information. The standards are delineated into either required or addressable implementation specifications. Compliance with the standards was required as of April 20, 2005, for most entities covered by HIPAA. The authority to administer and enforce the Security Rule was transferred to OCR on July 27, 2009.
The HIPAA Breach Notification Rule requires covered entities and their business associates to notify the Secretary, individuals, and in some cases, the media, regarding breaches of unsecured protected health information. Compliance with the standards was required as of September 23, 2009.
Watch for monthly updates reporting the number of cases received, investigated or resolved.
HHS is committed to making its websites and documents accessible to the widest possible audience, including individuals with disabilities. We are in the process of retroactively making some documents accessible. If you need assistance accessing an accessible version of this document, please reach out to the guidance@hhs.gov.
DISCLAIMER: The contents of this database lack the force and effect of law, except as authorized by law (including Medicare Advantage Rate Announcements and Advance Notices) or as specifically incorporated into a contract. The Department may not cite, use, or rely on any guidance that is not posted on the guidance repository, except to establish historical facts.