Four HIPAA enforcement actions hold healthcare providers accountable with compliance

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of three investigations and one matter before an Administration Law Judge related to compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Two of these cases are part of OCR’s HIPAA Right of Access Initiative, bringing the total number of these enforcement actions to twenty-seven since the initiative began. OCR created this initiative to support individuals' right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. The other enforcement actions result from healthcare providers impermissibly disclosing their patients’ protected health information (PHI).  OCR has taken the following enforcement actions that underscore the importance and necessity of compliance with the HIPAA Rules, including the foundational Right of Access provision:

Content created by Office for Civil Rights (OCR)
Content last reviewed