The HHS Office for Civil Rights, which enforces rules surrounding HIPAA, has announced it will investigate breaches of protected health information affecting fewer than 500 individuals.
In September 2015, the HHS Office of Inspector General recommended that OCR begin posting smaller data breaches on its public web site, and OCR now is doing that. The site previously only listed breaches affecting 500 or more individuals.
In the announcement, OCR cited five recent settlements with covered entities that had smaller breaches; the settlements included financial fines and imposition of corrective action plans.