On February 17th, 2023, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) delivered two key reports to Congress, detailing their findings regarding HIPAA privacy and breach data for the 2021 calendar year.
These reports offer regulated entities key insight into their own HIPAA compliance efforts by looking closely at investigated complaints, breach reports, and compliance reviews regarding potential violations of the HIPAA standards. The 2021 reports include key metrics on the number of cases investigated, potential areas of non-compliance, and trends surrounding cybersecurity readiness.
Among the reports’ suggestions for compliance improvement, OCR recommends that providers specifically focus on addressing:
- Improvements to risk analysis and risk management procedures;
- Implementing more robust information system activity reviews;
- Revisiting audit and access controls.
These compliance concerns specifically address the need to combat hacking incidents, which remained the largest category of breaches in 2021, affecting 500 or more individuals and comprising 75% of reported breaches. Network servers in particular were the largest locational target.
To read OCR’s 2021 Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance, click here.
To read OCR’s 2021 Report to Congress on Breaches of Unsecured Protected Health Information, click here.
Ready to enhance your organization’s cybersecurity & compliance? Contact Anatomy IT to learn more about our security, HIPAA Security Risk Assessments (SRA) and compliance services.