As noted in the press release, the new divisions and restructuring of resources will help support the significant increase in OCR’s caseload, which rose 69% between 2017 and 2022, and align its structure with other federal civil rights offices. OCR highlighted that the majority of its cases were related to alleged violations of health information privacy and security laws. The prior Health Information Privacy Division will now be called the Health Information Privacy, Data, and Cybersecurity Division (“HIPDC”) to “be more reflective of their work and role in cybersecurity” citing a similar increase in reported breaches in recent years.
This restructuring comes on the heels of OCR’s recent annual reports on HIPAA compliance and breaches, which highlight OCR’s investigation of complaints, breach reports, and compliance reviews regarding potential HIPAA violations. The report also provides data on the numbers of HIPAA cases investigated, common areas of noncompliance, and insights into trends such as cybersecurity readiness.
These actions indicate OCR’s continued interest in privacy and cybersecurity matters, commitment to enforcement of HIPAA violations, and recognition of privacy and security complaints as enforcement priorities.
Authored by Marcy Wilder, Scott Loughlin, Melissa Bianchi, Paul Otto, and Alyssa Golay.
