2024-2025 Global AI Trends Guide
This week the U.S. Department of Health and Human Services, the agency responsible for HIPAA enforcement, announced the formation of three new divisions within the Office for Civil Rights (“OCR”). The new divisions – Enforcement, Policy, and Strategic Planning – are intended to enhance focus and efficiency in conducting HIPAA compliance reviews, developing policies related to HIPAA and health privacy, promulgating regulations, providing technical assistance, and educating the public about health privacy and cybersecurity requirements.
As noted in the press release, the new divisions and restructuring of resources will help support the significant increase in OCR’s caseload, which rose 69% between 2017 and 2022, and align its structure with other federal civil rights offices. OCR highlighted that the majority of its cases were related to alleged violations of health information privacy and security laws. The prior Health Information Privacy Division will now be called the Health Information Privacy, Data, and Cybersecurity Division (“HIPDC”) to “be more reflective of their work and role in cybersecurity” citing a similar increase in reported breaches in recent years.
This restructuring comes on the heels of OCR’s recent annual reports on HIPAA compliance and breaches, which highlight OCR’s investigation of complaints, breach reports, and compliance reviews regarding potential HIPAA violations. The report also provides data on the numbers of HIPAA cases investigated, common areas of noncompliance, and insights into trends such as cybersecurity readiness.
These actions indicate OCR’s continued interest in privacy and cybersecurity matters, commitment to enforcement of HIPAA violations, and recognition of privacy and security complaints as enforcement priorities.
Authored by Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay.