2016 saw heightened OCR HIPAA enforcement and guidance activity, including the first Resolution Agreement with a business associate, the Phase 2 Audits, and detailed guidance on several topics, including patient access to records and breaches resulting from malware. Faculty will highlight OCR’s enforcement actions in 2016, emphasizing the compliance weaknesses that resulted in serious penalties. They will also discuss several significant OCR HIPAA guidance’s, which may signal OCR’s focus for future enforcement activity.