HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans | Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

Staff Editor 2026-06-08
HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans | Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

HHS Restructuring and New Enforcement Signal Increased Focus on Privacy, Security, and Health Plans | Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

https://www.jdsupra.com/legalnews/hhs-restructuring-and-new-enforcement-4101831/

Publish Date: 2026-06-08 13:36:00

Source Domain: www.jdsupra.com

On May 18, 2026, the U.S. Department of Health and Human Services (HHS) announced the restructuring of its Office for Civil Rights (OCR) enforcement efforts, establishing a dedicated unit for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA). The move, combined with a recent enforcement action over a ransomware attack, highlights the agency’s new enforcement focus on health plans and the employers that sponsor them.

Quick Hits

  • OCR will be divided into three divisions: the Conscience and Religious Freedom Division, the Civil Rights Division, and the Health Information Privacy, Data, and Cybersecurity Division.
  • HHS and plan sponsor Star Group (SG) reached an agreement to resolve alleged HIPAA violations related to Star Group’s health plan, imposing $245,000 in fines and an extensive corrective action plan.
  • The two-year corrective action plan will require the health plan to conduct a comprehensive HIPAA data security risk analysis, update training materials, and make annual reports to HHS.
  • This enforcement action emphasizes the need for employers to prioritize security measures for health plan protected health information (PHI) and electronic protected health information (ePHI), as ransomware incidents can trigger government scrutiny and potential penalties under HIPAA.

OCR Restructuring

In announcing the restructuring, HHS stated that the new structure would prioritize and reorganize enforcement efforts related to health information privacy and security by establishing a separate, dedicated division of its OCR as one of OCR’s three divisions: (1) the Conscience and Religious Freedom Division; (2) the Civil Rights Division; and (3) the Health Information Privacy, Data, and Cybersecurity Division.

According to a statement from OCR Director Paula M. Stannard, each new OCR division will have a team with “subject-matter expertise and distinct senior executive leadership” dedicated to enforcing…

Source

More Stories

Apple unveils new AI features with privacy focus at last developers conference with CEO Tim Cook

Apple unveils new AI features with privacy focus at last developers conference with CEO Tim Cook

Staff Editor 2026-06-08
Apple unveils new AI features with privacy focus at last developers conference with CEO Tim Cook | National

Apple unveils new AI features with privacy focus at last developers conference with CEO Tim Cook | National

Staff Editor 2026-06-08
Second Facebook privacy settlement payment is coming. Who qualifies?

Second Facebook privacy settlement payment is coming. Who qualifies?

Staff Editor 2026-06-08

Terms and Conditions - Privacy Policy