OCR enforces the Privacy and Security Rules in several ways:
- by investigating complaints filed with it,
- conducting compliance reviews to determine if covered entities are in compliance, and
- performing education and outreach to foster compliance with the Rules' requirements.
OCR also works in conjunction with the Department of Justice (DOJ) to refer possible criminal violations of HIPAA.
Text description of HIPAA Privacy & Security Rules Complaint Process
How OCR Enforces the Privacy & Security Rules
During Intake & Review of a Complaint