The Department of Health and Human Services (HHS) delivered their annual report to congress and noted there have been significant increases in HIPAA complaints and large breaches. They also noted that there have not been increases in appropriations during the same time frame. The Office for Civil Rights (OCR) requested that the HITECH civil monetary penalty caps be increased in the HHS FY 2023 Discretionary A-19 Legislative Supplement that was sent to Congress.


The Annual Report to Congress on Breaches of Unsecured Protected Health Information identifies the number and nature of breaches of unsecured protected health information (PHI) that were reported to the Secretary of HHS during calendar year 2021 and the actions taken in response to those breaches. It also highlights the continued need for regulated entities to improve compliance with the HIPAA Security Rule requirements, including:

  • risk analysis and risk management
  • information system activity review
  • audit controls
  • access controls

The OCR Director Melanie Fontes Rainer stated, “We will continue to provide guidance and technical assistance on compliance with the HIPAA Rules, as well as a vigorous enforcement program to address potential HIPAA violations.”

Enforcement Process

The OCR is in charge of enforcing the HIPAA Rules.


To continue reading this article click here: 

Wednesday, March 1, 2023

« Back