HHS OCR comments on its 2026 priorities - DataBreaches.Net

HHS OCR comments on its 2026 priorities - DataBreaches.Net

Briefly

"OCR continues to execute its enforcement mission under its statutory and regulatory authorities regarding civil rights, exercise of conscience, and health information privacy and security, and breach notification. OCR continues to investigate complaints filed, to conduct compliance reviews, and to review breaches of unsecured protected health information. OCR will be responsive to the HIPAA trends and compliance issues within OCR's jurisdiction that are affecting the public and the regulated industry."

"That said, there are four areas worth highlighting as priorities in OCR's health information privacy and security portfolio, in no particular order. Continuing of the HIPAA Privacy Rule Right of Access Enforcement Initiative, with several new compliance reviews on parental access to minor children's records. Building upon the HIPAA Security Rule Risk Analysis Initiative with an expansion to risk management. Emphasizing hacking and ransomware enforcement actions, as it is the main type of large breach reported to OCR. Preparing to begin receiving breach reports and complaints in February 2026 for a new enforcement program for the confidentiality of substance use disorder treatment records under 42 C.F.R. Part 2."