The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HHS Announces Restructuring Effort to Trim Backlog of HIPAA and Civil Rights Complaints

The U.S. Department of Health and Human Services (HHS) has restructured its Office for Civil Rights (OCR) and has created new divisions that will help improve the enforcement of HIPAA and civil rights laws and clear the current backlog of complaints and investigations. OCR is the main law enforcement agency of the HHS and is responsible for enforcing 55 civil rights, conscience, and privacy statutes, including the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

In a recent report to Congress, OCR explained that its caseload has increased significantly in recent years, yet appropriations have not risen, which has placed the department under great strain. Reported data breaches increased by 58% between 2017 and 2021, and complaints about potential HIPAA violations have also been soaring, rising 25% year-over-year to 34,077 complaints in 2021. Complaints about civil rights violations have also increased, rising by 69% between 2017 and 2022. In 2022, 51,000 complaints were received by OCR, 66% for alleged violations of HIPAA, 27% for alleged civil rights violations, and 7% for alleged violations of conscience/religious freedom.

To ensure that complaints can be investigated in a timely manner, the HHS has created three new divisions within OCR – an Enforcement Division, a Policy Division, and a Strategic Planning Division. The Enforcement Division will be dedicated to investigating HIPAA complaints, with a focus on cybersecurity breaches, which have soared in recent years to over 660 in 2020 and more than 700 in 2022. Approximately 80% of all reported data breaches are due to hacking.

The current Health Information Privacy Division (HIP) will be renamed the Health Information Privacy, Data, and Cybersecurity Division (HIPDC), to better reflect the role it plays in cybersecurity and investigating data breaches related to hacking. OCR will also reorganize the responsibilities of other divisions into new, crosscutting divisions to improve efficiency, with staff in those divisions working in areas of expertise where they have the right skill sets, which it is hoped will drive greater implementation and enforcement of the law. The new divisions will provide a more integrated operational structure for civil rights, conscience protection, and privacy/cybersecurity protections, with the department’s new structure reflecting that of other federal civil rights offices, such as the Office for Civil Rights of the Department for Education.

OCR still desperately needs more funding to allow it to better achieve its objectives; however, the restructuring will allow the department to make better use of its limited resources. OCR has confirmed that the Enforcement Division will be a standalone division that will operate under the direction of Luis Perez, who has spent 4 years as Deputy Director for Conscience and Religious Freedom at OCR. The Enforcement Division, under Perez’s leadership, will provide vital integration between OCR’s regional offices and headquarters to ensure complaints can be swiftly investigated.

“This structure will enable OCR staff to leverage its deep expertise and skills to ensure that we are protecting individuals under the range of federal laws that we are tasked with enforcing,” said HHS’ Office of Civil Rights Director, Melanie Fontes Rainer, in a statement.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
