OCR

In 2024, the most common HIPAA compliance issue, according to the Office for Civil Rights (OCR), remains the impermissible use and disclosure of protected health information (PHI). When violations are identified, the OCR frequently refers cases to the Department of Justice (DOJ) for further action. As of 2024, 2,419 referrals have been made to the DOJ for criminal investigation.

Under the HITECH Act, passed in 2009, the secretary is required to post all breaches affecting 500 or more patients to the internet. This applies to all medical providers and Business Associates. This web site is commonly referred to as the HIPAA Wall of Shame. You can find it at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

Investigations and audits are being triggered by patient complaints. One such complaint that was investigated by OCR cost the office $28,000 and were found to be violating several HIPAA regulations.

Patients have filed a lawsuit against SuperCare over a HIPAA Breach. SuperCare failed to maintain adequate security to protect patient records.

Have you encrypted your laptops? No? You should probably start thinking about getting those devices encrypted.