Healthcare Data Breach Enforcements and Fines At A Glance
The Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) is responsible for enforcing the Privacy and Security Rules of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Enforcement of the Privacy Rule began on April 14, 2003, while enforcement of the Security Rule began on April 20, 2005. Furthermore, covered entities and business associates were required to comply with the HIPAA Breach Notification Rule beginning on September 23, 2009. ….