Skip to Content

OIG Releases Report Concerning the Adequacy of OCR's Oversight of the HIPAA Security Rule

The Office of the Inspector General (OIG) for HHS released a report on December 4 that questions whether the Office for Civil Rights (OCR) is adequately enforcing and overseeing the HIPAA Security Rule in compliance with federal requirements. The OIG found that OCR had failed to properly conduct periodic audits of covered entities in accordance with HITECH or consistently follow its own investigation procedures for responding to violations. These issues were deemed "critical" by the OIG, which recommended and outlined corrective action in its report. The complete report is available here.