You Are Here > OCR > HIPAA > Compliance and Enforcement

Office for Civil Rights - HIPAA

Compliance and Enforcement

Enforcement Process | Enforcement Highlights | Case Examples | Data | Resolution Agreement

The Privacy Rule requires health plans, most health care providers and health care clearinghouses to comply with its standards. The rule is enforced by the Office for Civil Rights of the Department of Health and Human Services (HHS). Enforcement of the Privacy Rule began April 14, 2003. Since then, HHS enforcement has obtained significant change that has improved the privacy practices of covered entities through its enforcement program. As discussed in the announcement, corrective actions obtained by HHS from these entities have resulted in change that is systemic and affects all the individuals they serve.

Enforcement Process

• How OCR Enforces the HIPAA Privacy Rule
• What OCR Considers During Intake & Review of a Complaint
• Flowchart

Enforcement Highlights

• Privacy Rule Enforcement Highlights
• Numbers at a Glance

Case Examples

• By Issue
  • Impermissible Uses & Disclosures
  • Lack of Safeguards
  • Lack of patient access to their protected health information
  • Uses or Disclosures of more than the minimum necessary
  • Lack of or invalid authorization
• By Covered Entity
  • Private Practices
  • General Hospitals
  • Outpatient Facilities
  • Health Plans
  • Pharmacies
• All case examples

Data

• Enforcement Results by Year
• State Numbers
• Number of Complaints Received by Year
• Top 5 Issues in Investigated Cases by Year

Resolution Agreement

• Resolution Agreement with Providence Health & Services

Last revised: July 28, 2008

HHS Home | Questions? | Contact HHS | Accessibility | Privacy Policy | FOIA | Disclaimers

The White House | USA.gov | Helping America's Youth

U.S. Department of Health & Human Services · 200 Independence Avenue, S.W. · Washington, D.C. 20201