Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherBrowse by ChannelAbout the NetworkJoin the NetworkProductsSub-MenuProducts OverviewBlog ProBlog PlusBlog PremierMicrositeSyndication PortalsAbout UsContactSubscribeSupport
Book a Demo
Search
Close

OCR Announces Major HIPAA Enforcement Initiative

By Stephanie Willis on August 23, 2016
Email this postTweet this postLike this postShare this post on LinkedIn

The Department of Health & Human Services Office of Civil Rights (“OCR”) announced on August 18, 2016 that it is stepping up enforcement actions related to small breaches.  Although OCR investigates all reported breaches affecting more than 500 people, this new initiative will increase investigations of breaches affecting fewer than 500 people.  As OCR recognizes, it is often only through investigations following a reported breach that OCR uncovers more widespread HIPAA compliance issues, and it is those additional issues that often lead to monetary settlements or fines. Particularly given this increased enforcement initiative, covered entities and business associates should continue to evaluate and, where appropriate, strengthen their HIPAA compliance efforts.

OCR’s announcement listed several factors that will influence whether a small breach is investigated:

  • the size of the breach;
  • whether theft of or improper disposal of unencrypted Protected Health Information (“PHI”) occurred;
  • whether unwanted intrusions to IT systems (for example, by hacking) occurred;
  • the amount, nature and sensitivity of the PHI involved; or
  • cases where an entity has numerous breaches involving similar issues.

OCR also notes that investigation decisions may be influenced by the lack of breach reports by an entity compared to similarly situated entities.  This signifies that OCR is closely analyzing the trends revealed by annual breach reports that covered entities and business associates must submit to OCR.

For more information about steps covered entities and business associates can take to improve compliance efforts, contact the authors or your regular Crowell & Moring contact.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Data Law Insights
  • Organization:
    Crowell & Moring LLP
  • Article: View Original Source

LexBlog, Inc. logo
Facebook LinkedIn Twitter RSS
Real Lawyers
99 Park Row
  • About LexBlog
  • Careers
  • Press
  • Contact LexBlog
  • Privacy Policy
  • Editorial Policy
  • Disclaimer
  • Terms of Service
  • RSS Terms of Service
  • Products
  • Blog Pro
  • Blog Plus
  • Blog Premier
  • Microsite
  • Syndication Portals
  • LexBlog Community
  • Resource Center
  • 1-800-913-0988
  • Submit a Request
  • Support Center
  • System Status
  • Resource Center
  • Blogging 101

New to the Network

  • Tennessee Insurance Litigation Blog
  • Claims & Sustains
  • New Jersey Restraining Order Lawyers
  • New Jersey Gun Lawyers
  • Blog of Reason
Copyright © 2025, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo