On February 14, 2024, the US Department of Health & Human Services Office for Civil Rights issued two Reports to Congress on Health Insurance Portability and Accountability Act of 1996 (HIPAA) compliance and enforcement, specifically, on HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports are required to be submitted to Congress annually by the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009. The HIPAA Rules provide the minimum required privacy and security safeguards for protected health information, and give individuals rights with respect to that information, such as the right to access their health information. These reports, delivered to Congress, help regulated entities (such as most healthcare providers, health plans, and healthcare clearinghouses) and their business associates in their HIPAA compliance efforts by sharing steps taken by OCR to investigate complaints, breach reports, and compliance reviews regarding potential violations of the HIPAA Rules. The reports include important data on the number of HIPAA cases investigated, areas of noncompliance, and insights into trends such as cybersecurity readiness.
