HHS’ Office for Civil Rights (OCR) has published two new reports on HIPAA privacy, security compliance, and breach notification for the two-year period ending December 31, 2012.
The reports are required under the HIPAA HITECH Act, which addresses the privacy and security of electronic protected health information.
A summary of each report follows:
- Compliance Report. This report includes a short overview of the HIPAA privacy, security, and breach notification rules. It also offers a detailed discussion of OCR’s enforcement process, including enforcement data. Notably, OCR indicates that it received more complaints in 2012 than in any previous calendar year.
- Breach Notification Report. This report describes the notification requirements following the discovery of a breach of unsecured protected health information. It also examines the breach reports that OCR received as a result of these requirements.
Overall, the reports provide a useful look into OCR’s continued effort to enforce HIPAA compliance. Both OCR reports are accessible here.