New Figures on HIPAA Privacy Enforcement

June 24, 2011
On May 12, the Office for Civil Rights ("OCR") posted new information on its website regarding the agency's resolution of HIPAA privacy complaints

On May 12, the Office for Civil Rights ("OCR") posted new information on its website regarding the agency's resolution of HIPAA privacy complaints and investigations during the first five years of HIPAA enforcement. While the data was new, it confirmed several familiar themes in HIPAA privacy enforcement:

1. Sixty-five percent of HIPAA complaints (16,528 of the 25,536 complaints filed between 2003 and 2007) were resolved after the initial intake and review stage. Most HIPAA complaints are resolved by OCR after receipt of a single response letter from the covered entity that is the subject of the complaint.

2. Of the cases that were referred for further investigation and review, OCR took "corrective action" 6,418 times and found "no violation" 2,690 times. OCR fails to explain what sorts of "corrective actions" it is taking.

3. OCR still has not imposed civil money penalties on a covered entity for a HIPAA privacy violation. Clearly, OCR's "corrective actions" have stopped short of the imposition of fines.

4. The total number of annual HIPAA privacy complaints has steadily risen each year, from 1, 508 in 2003 to 7,176 in 2007.

Given the continued rise in HIPAA privacy complaints, it is surprising that OCR has yet to find a violation meriting the imposition of penalties. Not that HIPAA covered entities are complaining …

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?