HIPAA Enforcement Robust in 2018

The Department of Health and Human Services Office of Civil Rights (OCR), the office that enforces the provisions of HIPAA regarding privacy and security rules, had a record-setting year in 2018. The office recovered almost $28.7 million in fines, which surpassed the previous year record of $23.5 million. Additionally, in response to a cyberattack on Anthem that resulted in the theft of the protected health information of nearly 79 million individuals, the OCR enforced the largest ever individual settlement of $16 million against Anthem.

This record-setting year serves as a reminder to plans and other covered entities to continuously update and reassess their policies and procedures to remain complaint with HIPAA.