For a practical next step, review our private infrastructure services, browse the medical practice FAQ, and explore the full WhyNotDoc security blog.
On March 28, 2026, a Dallas-area OB/GYN practice received an OCR notification that would reshape their compliance priorities. The investigation did not concern a data breach or HIPAA violation. Instead, OCR's Civil Rights Division was investigating allegations that the practice's patient portal accessibility failures constituted disability discrimination under Section 504 of the Rehabilitation Act. The complaint alleged that blind patients could not independently access their medical records through the practice's portal, effectively denying them equal access to their own health information.
This case exemplifies a significant expansion in OCR enforcement scope. The Office for Civil Rights now actively enforces civil rights statutes alongside HIPAA, creating a dual compliance framework that Texas medical practices must navigate. In Q1 2026, OCR announced 34 civil rights investigations of healthcare entities, with Texas practices appearing in 12 of those cases. Understanding this expanded enforcement landscape is essential for practice leaders.
OCR's authority extends beyond HIPAA to multiple civil rights statutes that apply to healthcare organizations receiving federal funding. This includes virtually all medical practices that accept Medicare, Medicaid, or participate in federally funded health programs. The statutes OCR enforces include:
Section 504 of the Rehabilitation Act: Prohibits discrimination based on disability in programs receiving federal financial assistance. For medical practices, this includes obligations to provide accessible patient portals, accommodate patients with disabilities, and ensure effective communication. A Houston cardiology practice faced OCR investigation when their telemedicine platform lacked captioning capabilities, preventing deaf patients from participating in virtual consultations.
Title VI of the Civil Rights Act: Prohibits discrimination based on race, color, or national origin. OCR has intensified investigation of language access failures, including inadequate interpreter services and English-only patient portals. A San Antonio practice received an OCR compliance review after complaints that their Spanish-language portal provided less functionality than the English version.
Title IX of the Education Amendments: Prohibits sex discrimination, including in healthcare settings. OCR has expanded investigations of reproductive healthcare access and gender-affirming care discrimination allegations. A Texas practice group faced OCR review regarding patient portal access restrictions for certain reproductive health records.
Section 1557 of the Affordable Care Act: Prohibits discrimination based on race, color, national origin, sex, age, or disability in health programs receiving federal funding. This statute provides OCR broad authority to investigate healthcare access and equity issues beyond traditional HIPAA privacy concerns.
In February 2026, an Austin-based multi-specialty practice became the subject of a landmark OCR civil rights investigation that illustrates the complexity of modern compliance requirements. The case began with a complaint from a patient with visual impairment who could not access their medical records through the practice's patient portal using screen reader technology.
The investigation revealed multiple accessibility failures. The portal lacked proper heading structure, form labels, and alternative text for images. Navigation depended on mouse interaction that screen readers could not interpret. PDF documents downloaded from the portal were not tagged for accessibility, rendering them unusable for blind patients. The practice had conducted no accessibility testing during portal development or procurement.
OCR's investigation expanded beyond the individual complaint to examine the practice's broader civil rights compliance. Investigators found that the practice had no policy for providing accessible formats of medical records upon request. Staff were untrained on disability accommodation requirements. The practice had not conducted a Section 504 self-evaluation as required for federal funding recipients.
The resolution agreement, announced in March 2026, required the practice to remediate their portal to meet WCAG 2.1 AA standards, implement a comprehensive accessibility policy, train all staff on disability accommodation requirements, and conduct annual accessibility audits. OCR monitoring will continue for three years. The practice estimated total compliance costs at $340,000, including legal fees, technology remediation, and ongoing monitoring.
Texas medical practices face unique compliance pressures due to state-specific factors that intersect with federal requirements:
Language Access Requirements: Texas has the second-highest percentage of Spanish-speaking residents in the United States. OCR has identified Texas as a priority state for Title VI language access enforcement. Practices must provide meaningful access for limited English proficient patients, including translated portal content, interpreter services, and multilingual staff capabilities. A Fort Worth practice faced OCR review after implementing an English-only patient portal despite serving a patient population that was 47% Spanish-speaking.
Rural Healthcare Access: OCR has prioritized investigation of healthcare access barriers affecting rural populations, including technology limitations that prevent equal access to telemedicine and patient portals. A rural Texas practice received OCR attention when their telemedicine platform required broadband speeds unavailable in their service area, effectively excluding rural patients from virtual care options.
Disability Prevalence: Texas has significant populations of veterans with service-connected disabilities and individuals with disabilities related to chronic conditions. OCR expects practices to accommodate these patients through accessible technology and effective communication. A Corpus Christi practice was investigated after their patient portal could not be navigated using voice control, excluding patients with mobility impairments.
State-Federal Coordination: The Texas Health and Human Services Commission has increased coordination with OCR on civil rights enforcement. State agencies now share complaint information with federal investigators, creating dual regulatory exposure for practices under investigation.
OCR's expanded enforcement creates complex intersections between privacy obligations and civil rights requirements. Practices must navigate situations where these mandates potentially conflict:
Accommodation vs. Security: Providing accessible formats of medical records may require processes that differ from standard security protocols. A practice must accommodate a blind patient's request for records in accessible format while maintaining HIPAA security standards. OCR expects practices to implement secure accessible delivery methods rather than using accessibility as justification for security shortcuts.
Interpreter Access vs. Minimum Necessary: Using interpreters for patient communication involves sharing protected health information with third parties. Practices must implement business associate agreements with interpretation services while ensuring that only minimum necessary information is disclosed. OCR has investigated practices that failed to properly contract with interpreter services.
Portal Access vs. Authentication: Accessibility accommodations for patient portals must not compromise authentication security. OCR expects practices to implement accessible MFA options, such as hardware security keys with tactile feedback, rather than eliminating authentication requirements for users with disabilities.
Addressing OCR's expanded enforcement requires systematic compliance programs that address both privacy and civil rights obligations:
Comprehensive Accessibility Audits: Conduct professional accessibility assessments of all patient-facing technology, including portals, telemedicine platforms, and mobile applications. Identify WCAG 2.1 violations and develop remediation roadmaps. A Georgetown practice avoided OCR investigation by proactively conducting an accessibility audit and remediating identified issues before receiving complaints.
Section 504 Self-Evaluation: Federal funding recipients must conduct regular self-evaluations of disability accommodation compliance. Document policies, procedures, and practices for accommodating patients with disabilities. Include accessibility testing of all patient communication channels.
Language Access Planning: Develop comprehensive language access plans that address the needs of limited English proficient patients in your service area. Include translated portal content, qualified interpreter services, and staff training on language access requirements. Document the rationale for language service decisions.
Staff Training Programs: Train all staff on civil rights obligations, including disability accommodation, language access, and nondiscrimination requirements. Ensure staff understand how to respond to accommodation requests and when to escalate to compliance personnel. Training documentation is essential for OCR investigations.
Complaint and Grievance Procedures: Implement accessible complaint procedures that allow patients to report civil rights concerns. Document all complaints and resolutions. OCR examines complaint handling as an indicator of compliance commitment.
OCR investigations demand extensive documentation. Practices should maintain records demonstrating civil rights compliance:
Accessibility Testing Records: Document all accessibility testing, including testing methodologies, results, and remediation actions. Maintain records of assistive technology compatibility testing for patient-facing systems.
Accommodation Request Logs: Track all disability accommodation requests, responses, and resolutions. Document the interactive process for determining effective accommodations.
Language Service Records: Maintain records of interpreter services provided, including service dates, languages, and qualified provider information. Document translation of vital documents and portal content.
Training Documentation: Record all civil rights training, including attendance, content, and dates. Ensure training covers both federal OCR requirements and any applicable state requirements.
Policies and Procedures: Maintain current written policies addressing disability accommodation, language access, and nondiscrimination. Review and update policies regularly to reflect regulatory changes.
We help Texas medical practices develop comprehensive compliance programs that address both HIPAA privacy and OCR civil rights requirements. Our assessments include accessibility audits, language access planning, and documentation frameworks that satisfy federal and state regulatory expectations.
Call 469-252-7016 or schedule online. We help Texas medical practices navigate complex regulatory requirements.