HIPAA Enforcement Efforts | Alice G. Gosfield & Associates, PC

Phone (215) 735-2384

In May, 2023, the Office for Civil Rights (OCR) in the Department of Health and Human Services updated its website to add new data on its HIPAA enforcement efforts over the years. Since April, 2003, when HIPAA covered entities were first required to comply with the HIPAA Privacy Rule, the OCR has investigated and “resolved” more than 30,000 cases in which it required corrective action or provided “technical assistance” (or both) to covered entities and business associates, entered into settlements or imposed civil money penalties in 133 cases leading to recoveries of more than $135 million. Overall, the OCR has received more than 331,100 HIPAA complaints in the last 20 years. Although the vast bulk of cases (approximately 223,000) were determined to be ineligible for enforcement. Over this time, the OCR determining that there no violation occurred in only 14,519 investigations. In approximately 55,000 other cases, the OCR intervened early and provided technical assistance, without the need for an in-depth investigation. While most cases do not result in the imposition of civil money penalties or settlements that require paying fines, our own clients have been investigated by the OCR, and the process can be lengthy, time-consuming and difficult, even when the OCR does not impose penalties or require corrective actions. Dan examines HIPAA enforcement overall, and explores enforcement trends in “HIPAA Enforcement On the Books and In Reality: When It All Goes Wrong,” Given the prevalence of HIPAA complaints and the hardship of navigating an investigation, our advice is to work to develop and maintain a HIPAA compliance plan.

Latest Issues

Follow our opinions on the latest issues affecting health care regulation.

› Read Latest Issues

Speeches

› Teleconference Registration

Products

Expand your reference library and your expertise in health care regulation.

› Browse Products

Stay up to date on health care regulation issues by becoming a member.

› Subscribe

Alice G. Gosfield and Associates, P.C. (“AGGA”) reserves the right to change the information on this website without notice. We make no representations about the accuracy or completeness of the information on this website or that material available from this site is free of viruses. Links on this website to other websites are for informational purposes only. They are not intended to constitute endorsements of or referrals to the entities or the products of the entities to which the links connect. AGGA is not responsible for the privacy practices of other web sites.

Access to this website shall not create nor be construed to create any attorney-client or business associate relationship between persons accessing the site and AGGA or any of its attorneys. The materials published and made available on this website are for information purposes only and should not be construed as legal advice or legal opinion on any specific facts or circumstances. Users of and visitors to the website should not act upon information on the website without first seeking legal counsel.

If you have any questions about this Disclaimer or the Website Privacy Policy, please contact us at info@gosfield.com.