Enforcement ProcessOCR enforces the Privacy Rule in several ways: - by investigating complaints filed with it,
- conducting compliance reviews to determine if covered entities are in compliance, and
- performing education and outreach to foster compliance with the Privacy Rule’s requirements.
| | |
OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA and with the Centers for Medicare & Medicaid Services (CMS) in investigating possible violations of the HIPAA Security Rule. |
![HIPAA Privacy Rule Complaint Process Chart shows that a Complaint goes into Intake and Review - from there it could go to Resolution. From Intake and Review it could go to three possible channels. It could be a Possible Criminal Violation and go to DOJ. It could be a Possible Privacy Rule Violation and go to OCR Investigation. It could be a Possible Security Rule Violation and go to CMS. HIPAA Privacy Rule Complaint Process Chart shows that a Complaint goes into Intake and Review - from there it could go to Resolution. From Intake and Review it could go to three possible channels. It could be a Possible Criminal Violation and go to DOJ. It could be a Possible Privacy Rule Violation and go to OCR Investigation. It could be a Possible Security Rule Violation and go to CMS.](https://webarchive.library.unt.edu/eot2008/20090511193948im_/http://www.hhs.gov/ocr/images/complaintprocesship.jpg)
Text description of HIPAA Privacy Rule Complaint Process Back to Top
|