OCR HIPAA enforcement in 2020 focused on HIPAA right of access violations, with 11 fines issued in 2020 citing this type of violation. Although right of access fines will likely continue, OCR is bound to shift its focus in the year to come. This article discusses OCR HIPAA enforcement in 2021 to give healthcare organizations guidance on what may be to come.

OCR HIPAA Enforcement in 2021: You Don’t Need a Weatherman…

OCR HIPAA Enforcement

The fact that OCR kept its promise to enforce the right of access initiative provides insight as to where OCR may be headed next. The 2013 HITECH Act requires HHS to periodically audit covered entities and business associates for their compliance with the HIPAA Rules: the Privacy Rule, the Security Rule, and the Breach Notification Rule. Acting under this requirement, OCR’s 2016-2017 audits (the “Phase 2” audit) examined 166 covered entities and 41 business associates.

In December of 2020, OCR issued its long-awaited 2016-2017 HIPAA Audits Industry Report, which contains the findings of the 2016 and 2017 audits. OCR has summarized the audit results. The good news:

  • Most covered entities met the timeliness requirements for providing breach notification to individuals.
  • Most covered entities that maintained a website about their customer services or benefits satisfied the requirement to prominently post their Notice of Privacy Practices on their website.

The bad news:

  • Unsurprisingly, most covered entities failed to properly implement the individual right of access requirements such as timely action within