Health and Human Services, Office of Civil Rights

Health and Human Services, Office of Civil Rights (“OCR”) is responsible for enforcing violations of civil rights laws and Health Insurance Portability and Accountability Act (“HIPAA”) Privacy and Confidentiality Rules.

HIPAA Privacy and Security

General Information

HIPAA Security

  • Individual Access Rights – Individuals may request protected health information (“PHI”) maintained by a covered entity.  A covered entity may charge a fee for copies of PHI under limited circumstances.

Breach Notification


Business Associates

HIPAA Audits – Privacy, Security, and Breach Notification 

The OCR conducts on-site and desk audits to determine a covered entity’s compliance with HIPAA.  In 2011 and 2012 (Audit Phase I), OCR implemented a pilot audit program to review 115 covered entities to determine compliance with HIPAA.  In 2016, OCR launched Audit Phase II, selecting a number of covered entities and providing notification via e-mail.   In 2017, OCR continue the Audit Phase II review by selecting business associates.

Civil Rights

ACA Section 1557 – Discrimination based on sex, race, color, or national origin

The information contained on this site is for educational purposes only. USI does not provide legal or tax advice. For advice specific to your situation, please consult an attorney or other professional.

© 2017 USI Insurance Services LLC, All Rights Reserved.