The Department of Health and Human Services, Office of Civil Rights (HHS-OCR) published two trend reports, one on HIPAA Privacy, Security, and Breach Notification Rule Compliance and the other on Breaches of Unsecured Protected Health Information for 2022 and delivered the reports to Congress last month. The reports provide HIPAA covered entities and business associates with insight on enforcement trends and commonly investigated issues by the HHS-OCR.
Notably, the agency reported that hacking/IT incidents remain the largest category of breaches occurring in 2022, affecting 500 or more individuals and comprising 77 percent of the reported breaches. Additionally, the reports showed continued noncompliance among HIPAA covered entities and business associates with HIPAA Security Rule requirements, including risk analysis and risk management, information system activity review, audit controls, response and reporting, and person or entity authentication.
HHS-OCR Director Melanie Fontes Rainer recommended that HIPAA covered entities and business associates review the HHS-OCR annual reports to learn about common causes of HIPAA breaches and how to prevent them. These reports also provide insight into which complaints the HHS-OCR is most likely to investigate and the potential consequences of these investigations for HIPAA covered entities and business associates.
The reports for 2022 and previous years are available on the HHS-OCR website.