Enforcement Process — Corrective action / RA

Full description

Navigate to: HIPAA for Professionals Regulatory Initiatives Privacy Summary of the Privacy Rule Guidance Combined Text of All Rules HIPAA Related Links Security Security Rule NPRM Summary of the Security Rule Security Guidance Cyber Security Guidance Breach Notification Breach Reporting Guidance Reports to Congress Regulation History Compliance & Enforcement Enforcement Rule Enforcement Process Enforcement Data Resolution Agreements Case Examples Audit Reports to Congress State Attorneys General Special Topics Parental Access Mental and Behavioral Health Change Healthcare Cybersecurity Incident FAQs HIPAA and COVID-19 HIPAA and Reproductive Health HIPAA and Final Rule Notice HIPAA and Telehealth HIPAA and FERPA Research Public Health Emergency Response Health Information Technology Health Apps Patient Safety Covered Entities & Business Associates Business Associate Contracts Business Associates Training & Resources FAQs for Professionals Other Administrative Simplification Rules Substance Use Disorder Confidentiality Enforcement Process OCR enforces the Privacy and Security Rules in several ways: by investigating complaints filed with it, conducting compliance reviews to determine if covered entities are in compliance, and performing education and outreach to foster compliance with the Rules' requirements. OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA.Text description of HIPAA Privacy & Security Rules Complaint ProcessHow OCR Enforces the HIPAA RulesDuring Intake & Review of a ComplaintThe Enforcement RuleBack to Top Content last reviewed September 17, 2021