Enforcement Process

OCR enforces the Privacy and Security Rules in several ways: 

  • by investigating complaints filed with it, 
  • conducting compliance reviews to determine if covered entities are in compliance, and 
  • performing education and outreach to foster compliance with the Rules' requirements. 

OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA.

Text description of HIPAA Privacy & Security Rules Complaint Process

How OCR Enforces the Privacy & Security Rules

During Intake & Review of a Complaint

The Enforcement Rule

Back to Top


Content created by Office for Civil Rights (OCR)
Content last reviewed on June 7, 2017