MYTH: HIPAA is not actively enforced.
FACT: The HHS Office for Civil Rights enforces the HIPAA Privacy and Security Rules by investigating complaints filed by patients, conducting audits, and allowing state attorneys general to bring a civil action on behalf of state residents for alleged HIPAA violations.
OCR has been very active investigating and penalizing violations of the HIPAA Rules. The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) made several modifications to the enforcement process under HIPAA, including a change in determining whether a breach has occurred, a new mechanism of enforcement for state attorneys general, and an audit process. To learn more about HIPAA enforcement activity, please read our Myth Buster.
Enter the password to open this PDF file:
.png)