Frequently Asked Questions

Frequently Asked Questions

Privacy

Which federal agency is responsible for enforcing the HIPAA Privacy Rule?

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the Privacy Rule. Enforcement of the Privacy Rule began April 14, 2003 for most HIPAA covered entities.

Security

Which federal agency is responsible for enforcing the HIPAA Security Rule?

The Department of Health & Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the Security Rule. HIPAA covered entities were required to comply with the Security Rule beginning on April 20, 2005. OCR became responsible for enforcing the Security Rule on July 27, 2009

Employee Access & Disclosure

How will anyone know what I access?

Information systems that house patient and sensitive information contain audit trails that track the accounts and information that employees access.

Enforcement Process

What is the OCR’s enforcement process?

OCR enforces the Privacy and Security Rules in several ways.