The Department of Health and Human Services Office of Civil Rights (OCR), the office that enforces the provisions of HIPAA regarding privacy and security rules, had a record-setting year in 2018. The office recovered almost $28.7 million in fines, which surpassed the previous year record of $23.5 million. Additionally, in response to a cyberattack on Anthem that resulted in the theft of the protected health information of nearly 79 million individuals, the OCR enforced the largest ever individual settlement of $16 million against Anthem.
This record-setting year serves as a reminder to plans and other covered entities to continuously update and reassess their policies and procedures to remain complaint with HIPAA.