OCR Reports to Congress on HIPAA Compliance and Data Breaches

The Office of Civil Rights (OCR) in the Department of Health and Human Services has reported a 107% rise in large data breaches from 2018 to 2022. In 2022, OCR received 30,435 new complaints alleging violations of HIPAA rules, with hacking as the main cause of breaches. However, due to lack of financial resources, no audits were conducted in 2022, limiting OCR’s investigation capability. OCR reduced penalty amounts in three tiers, stressing the office’s already tight resources.