Annual Report to Congress on HIPAA Privacy
As required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Office of Civil Rights (OCR) has issued its annual report to Congress on HIPAA Privacy, Security, and Breach Notification Rule compliance for the 2022 calendar year.
Employer Action Items
Plan sponsors of HIPAA-covered entities, especially those of self-insured health plans and business associates, should continually self-assess their compliance with the HIPAA privacy and data security rules and the requirements under the HITECH Act. This includes ensuring that business associate agreements are current, appropriate safeguards are being maintained, and policies and procedures are up to date and being followed.
Summary
According to the OCR’s summary of findings, during 2022 it received 30,435 new complaints alleging violations of HIPAA and the HITECH Act, and resolved 32,250 complaints. Most of these (87%) were resolved before initiating an investigation. In the 560 investigations that the OCR conducted, the covered entity or business associate took corrective action. Seventeen were resolved with Resolution Agreements and Corrective Action Plans (RA/CAP) and monetary settlements totaling over $802,500, and two with civil money penalties totaling $100,000.
The OCR also completed 846 compliance reviews and required entities to take corrective action or pay a civil penalty in 674 (80%) of these investigations, two of which resulted in RA/CAPs, along with monetary payments totaling over $2.4 million.
In addition, the OCR engaged in 124 outreach activities to (1) increase education to the public about their HIPAA rights and to regulated entities about trends in large HIPAA breaches, and (2) provide education on the requirements of the HIPAA rules.
This document is intended for general information purposes only and should not be construed as advice or opinions on any specific facts or circumstances. The content of this document is made available on an “as is” basis, without warranty of any kind. The Baldwin Insurance Group Holdings, LLC (“The Baldwin Group”), its affiliates, and subsidiaries do not guarantee that this information is, or can be relied on for, compliance with any law or regulation, assurance against preventable losses, or freedom from legal liability. This publication is not intended to be legal, underwriting, or any other type of professional advice. The Baldwin Group does not guarantee any particular outcome and makes no commitment to update any information herein or remove any items that are no longer accurate or complete. Furthermore, The Baldwin Group does not assume any liability to any person or organization for loss or damage caused by or resulting from any reliance placed on that content. Persons requiring advice should always consult an independent adviser.
The Baldwin Group offers insurance services through one or more of its insurance licensed entities. Each of the entities may be known by one or more of the logos displayed; all insurance commerce is only conducted through The Baldwin Group insurance licensed entities. This material is not an offer to sell insurance.