Skip to main content
Skip to navigation

Regulatory Enforcement

HHS creates new enforcement office for health privacy

By Adrianne Appel2023-02-28T20:20:00

The Department of Health and Human Services (HHS) and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.

The Office for Civil Rights (OCR) at the HHS enforces the Health Insurance Portability and Accountability Act (HIPAA), conducts compliance reviews, investigates complaints, and issues new rules. It also safeguards civil rights and religious freedom related to health.

The office reorganized into three divisions: enforcement, policy, and strategic planning, the HHS announced Monday. The enforcement division will be led by Luis Perez, previously the deputy director for conscience and religious freedom at the OCR.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

News Brief
FTC, HHS warn hospitals over use of online tracking tech

2023-07-21T16:15:00Z By Kyle Brasseur

The Federal Trade Commission and Department of Health and Human Services sent letters to approximately 130 hospital systems and telehealth providers regarding potential patient privacy violations and security risks stemming from online tracking technologies.
News Brief
HHS teases policy changes stemming from cyber resiliency analysis

2023-04-17T19:57:00Z By Adrianne Appel

Some U.S. hospitals are falling short in protecting themselves from cyberattacks, with 29 percent of facilities recently surveyed lacking a documented GRC system, a new report from the Department of Health and Human Services found.
Premium
HHS proposal aims to ‘shine a light’ on nursing home ownership

2023-02-23T22:03:00Z By Adrianne Appel

It is still too early in the rulemaking process to know what will be included in the Biden administration’s final rule on transparency of nursing home ownership, but there are some steps facilities can take to prepare, according to experts.

More from Regulatory Enforcement

Article
Georgia Tech to pay $875,000 for allegations brought by compliance officers

2025-10-07T16:08:00Z By Adrianne Appel

Georgia Tech Research Corp. (GTRC) has agreed to pay $875,000 to settle allegations first raised by two compliance officers that its cybersecurity protocols violated acceptable standards for defense contractors, the Department of Justice (DOJ) said.
Article
Tractor Supply Company hit with $1.35M fine for alleged California privacy violations

2025-10-06T17:12:00Z By Adrianne Appel

Tractor Supply Company has agreed to get into compliance with California’s consumer privacy law and to pay a $1.35 million fine—the largest yet by California—to settle allegations it violated the privacy rights of customers and job applicants.
Basic Page
LuminUltra fined $685K by BIS for illegal shipment to Iran

2025-10-06T16:46:00Z By Aly McDevitt

A single $33,000 shipment to Iran triggered a six-figure penalty and years of compliance oversight for biotechnology company LuminUltra Technologies, Inc.