HHS Announces Restructuring of Office for Civil Rights
The U.S. Department of Health and Human Services (HHS) has announced it is restructuring its Office for Civil Rights (OCR), which will split into three divisions, each with specific responsibilities. HHS has recreated the Conscience and Religious Freedom Division (CRFD), which was established in January 2018 under the first Trump administration and operated until March 2023, when it was disbanded by the Biden administration. The Civil Rights Division has also been reestablished, following the amalgamation of both into the Policy Division under the Biden administration.
CRFD is tasked with raising awareness of religious freedom laws and ensuring religious liberty, combating antisemitism and anti-Christian bias, and enforcing conscience protections. OCR enforces civil rights laws, including those that prohibit discrimination on the basis of race, color, national origin, sex, disability, age, or membership in patriotic youth organizations. These responsibilities will be handled by the Civil Rights Division, which will focus on addressing race-based discrimination in a color-blind manner and restoring biological truth.
The Trump administration has focused on these areas during the second term, after being deprioritized under the Biden administration. “This reorganization… strengthens the Office for Civil Rights’ ability to defend religious liberty, enforce conscience protections, and combat unlawful discrimination,” said HHS Secretary Robert F. Kennedy, Jr. “Under President Trump’s leadership, HHS will defend these rights with clarity, accountability, and resolve.”
The Health Information Privacy, Data, and Cybersecurity Division makes up the trifecta and is tasked with handling HIPAA enforcement, including investigations of breaches of unsecured protected health information and health information privacy complaints, both of which have soared in recent years. This enforcement division will continue to support centralized intake and field office execution.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Early in the latest term, there was a major reduction in HHS staffing as the Department of Government Efficiency (DOGE) targeted the department. HHS lost around 20,000 staff members through a combination of eliminated positions, early retirements, and voluntary redundancies. Several field offices were also closed. OCR has been struggling to operate with a limited budget, an increasing workload, and a smaller workforce than in previous years. OCR currently has 116 full-time staff, and while the fiscal year budget would see the department’s workforce increased to 144 full-time staff members, that is significantly fewer than in the early 2020s. It is slightly reassuring that the HHS has confirmed that the restructuring will not involve any further reductions in OCR’s workforce.
Where OCR’s resources will be focused remains to be seen. Large healthcare data breaches increased in 2025, and the complaint volume continues to grow, which is stretching OCR’s resources for health information privacy investigations further still. Healthcare data breaches continue to occur in high numbers; however, the speed at which data breach reports are verified and added to its data breach portal has slowed considerably. OCR had to contend with a lengthy government shutdown last year, with all but essential work coming to a grinding halt. Even accounting for this disruption, the pace has slowed, suggesting health information privacy investigations are a lower priority than under the current administration.
OCR is still working on an update to the HIPAA Privacy Rule, a Notice of Proposed Rulemaking (NPRM) for which was issued by OCR during President Trump’s first term, and an update to the HIPAA Security Rule, the NPRM for which was published in the Federal Register in January 2025 by OCR under the Biden administration. OCR set a provisional timetable for a May 2026 release of a final rule for the HIPAA Security Rule update. OCR has remained tight-lipped about when these regulatory changes will be finalized. They may be delayed if resources are diverted to the CRFD and Civil Rights Divisions.
“This reorganization reinstitutes a structure that rightly prioritizes civil rights and conscience and religious freedom alongside health information privacy and security,” said HHS Office for Civil Rights Director Paula M. Stannard. “All three areas are deserving of subject-matter expertise and distinct senior executive leadership for OCR to best serve the American people.” In the announcement about the restructuring, OCR said it will publish further information in the Federal Register later this month.
