From the compliance date of the HIPAA Privacy Rule on April 14, 2003 to Dec. 31, 2012, HHS' Office of Civil Rights received 77,190 complaints alleging violations of HIPAA rules, according to the OCR's latest Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance.
The report examines HIPAA breach compliance and complaints for 2011 and 2012. Here are nine key findings from the report.
1. As of Dec. 31, 2012, the OCR resolved 91 percent of all received complaints since April 2003, most of them being resolved within one year.
2. During calendar year 2012, the OCR received 10,454 violation complaints, the highest number of complaints at that point.
3. In 2012, OCR reached resolutions for 9,408 complaints and investigated 4,340 complaints.
4. Of the allegations reaching resolutions, 10 percent were found to not have violated HIPAA and 36 percent took corrective action.
5. Of the 4,340 complaints investigated, 23 percent were found to not be in violation of HIPAA, and 77 percent took corrective action.
6. In 5,068 complaints in 2012, OCR deemed it did not have the jurisdiction under HIPAA to investigate the allegations.
7. OCR opened 222 compliance reviews in 2012 due to a breach report affecting 500 or more individuals.
8. The number of complaints received, complaints resolved, allegations where OCR had no jurisdiction and investigated complaints requiring corrective action all increased from 2011 to 2012.
9. The only metric to decrease from 2011 to 2012 was the number of investigated complaints in which no HIPAA violation was found, falling from 1,302 to 979.
More Articles on HIPAA:
Nearly One-Third of HIPAA Complaints Are Not Actual Violations
Florida Law Expands Data Breach Notification Requirements
Jocelyn Samuels Named Director of OCR, Will Oversee HIPAA Compliance