The Office of Civil Rights (OCR) at the US Department of Health and Human Services has taken few steps to enforce HIPAA. The OCR recently reached a settlement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) over the 2014 theft of a mobile device containing unencrypted protected health data on over 400 hundred patients at a nursing home. The settlement requires CHCS to pay a $650,000 fine and adopt a corrective action plan to protect against something similar happening again.”]