Skip to content
HIPAA

HHS Issues Annual Report on HIPAA Compliance

The Baldwin Group
|
Updated: April 24, 2024
|
1 minute read

As required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Office of Civil Rights (OCR) has issued its annual report to Congress on HIPAA Privacy, Security, and Breach Notification Rule compliance for the 2022 calendar year.

Employer Action Items

Plan sponsors of HIPAA-covered entities, especially those of self-insured health plans and business associates, should continually self-assess their compliance with the HIPAA privacy and data security rules, and the requirements under the HITECH Act. This includes ensuring business associate agreements are current, appropriate safeguards are being maintained, and policies and procedures are up-to-date and being followed.

Summary

A summary of OCR’s findings found that during 2022, it received 30,435 new complaints alleging violations of HIPAA and the HITECH Act, and resolved 32,250 complaints. Most of these (87%) were resolved before initiating an investigation. In the 560 investigations that the OCR conducted, the covered entity or business associate took corrective action. 17 were resolved with Resolution Agreements and Corrective Action Plans (RA/CAP) and monetary settlements totaling over $802,500, and two with civil money penalties totaling $100,000.

The OCR also completed 846 compliance reviews and required entities to take corrective action or pay a civil penalty in 674 (80%) of these investigations, two of which resulted in RA/CAPs, along with monetary payments totaling over $2.4 million.

In addition, the OCR engaged in 124 outreach activities to (1) increase education to the public about their HIPAA rights, and to regulated entities about trends in large HIPAA breaches and (2) educate regarding the requirements of the HIPAA rules.

Read the full report here.


Related Insights

Stay in the know

Our experts monitor your industry and global events to provide meaningful insights and help break down what you need to know, potential impacts, and how you should respond.

Upcoming Compliance Deadlines - June 2025
Employers must comply with numerous reporting and disclosure requirements in connection with their group health plans. Please note the following upcoming...
Baldwin Bulletin
Form 5500 Deadline is July 31, 2025, for Calendar Year Plans
June 2025 Caitlin Hillenbrand, Associate Director, Benefits Compliance Many organizations that are subject to the Employee Retirement Income Security Act...
Baldwin Bulletin
IRS Releases 2026 Inflation-Adjusted Amounts for HSAs, HDHPs and EBHRAs
June 2025 Stephanie Hall, Associate Director, Benefits Compliance The Internal Revenue Service (“IRS”) is required to announce annual inflation-adjusted limits...
Baldwin Bulletin
The Department of Labor Issues Guidance on Independent Contractor Misclassification
June 2025 Natashia Wright, Associate Director, Benefits Compliance On May 1, 2025, the U.S. Department of Labor (“DOL”) issued Field...
Baldwin Bulletin
Health and Human Services Office for Civil Rights Reaches Settlement for Potential HIPAA Violations
June 2025 Natashia Wright, Associate Director, Benefits Compliance The Department of Health and Human Services (“HHS”) Office of Civil Rights...
Let's make it possible

Partner with us to build solutions that align with your business, individual, or employee needs and open new possibilities for your future.

Connect with us