The Department of Health and Human Services’ Restructuring Extends to OCR Enforcement
Assistant Secretary of Enforcement to oversee OCR, OHA, and DAB
The Department of Health and Human Services has announced a significant restructuring plan that consolidates 28 divisions into 15 and reduces the number of regional offices from ten to five. A new role, Assistant Secretary of Enforcement, is being created to lead and oversee the Office for Civil Rights (OCR) enforcement, Office of Medicare Hearings and Appeals (OHA), and Departmental Appeals Board (DAB). The OCR’s responsibilities include: (a) ensuring hospitals, clinics, and other health programs don’t discriminate in delivery of services; (b) enforcing HIPAA Privacy, Security, and Breach Rules; (c) investigating data breaches and the improper use or sharing of protected health information; and (d) protecting Whistleblowers that raise concerns about care for vulnerable populations. The 2025 “Compliance Benchmark Survey” results found that healthcare organizations are more likely to face enforcement actions from the OCR, than from the Office of Inspector General (OIG), the Department of Justice (DOJ), or Medicaid Fraud Control Units (MFCUs). With the reorganization, it is difficult at this point to predict exactly how this will impact HIPAA enforcement; however, with a more consolidated enforcement structure, it may promote closer coordination with other HHS enforcement entities. To date, there have been no specific layoffs announced at OCR, however it is likely that there will be significant changes that may impact staffing, especially with the reduction of regional offices. HHS had previously requested in 2024 a significant budget increase for OCR that was nearly double the previous year’s appropriation and a staffing level of approximately 130 civil servants. This was in response to meeting the challenge of the growing number of HIPAA complaints. However, it is highly doubtful that this increase will move forward this year. At this time, the OCR is still actively involved in HIPAA compliance enforcement, including investigating high-profile data breaches.
For more information on this topic, contact Richard Kusserow ([email protected]). You can also keep up-to-date with Strategic Management Services by following us on LinkedIn.
