It's that time of the year again: the opportunity to dust off your New Year's resolutions for privacy and security of health information. Here are some potential health information privacy and security resolutions for your consideration.

You can use these Annual, Quarterly, and Monthly lists to map out your privacy and security tasks for 2022, and then check them off as you complete them. We have included empty rows for you to add your own resolutions.

In 2021, OCR completed its 25th enforcement action with respect to the HIPAA right of access at 45 C.F.R. § 164.524. We expect this enforcement trend to continue, so we have included a section focusing on complying with this provision.

As with any New Year's resolutions, these are intended to represent potential best practices for the coming year—failing to undertake or meet one or more of these resolutions does not necessarily mean that you are out of compliance with HIPAA or other laws.

Additionally, this is not intended to be a comprehensive list of all statutory and regulatory requirements. Checking off all these resolutions does not guarantee compliance. Although this list is focused on health information privacy and security, we hope that other sectors also will find it useful.