HHS is committed to reduce the backlog of HIPAA investigations. Complaints to OCR are now over 50,000 a year (2/3 of which are HIPAA-related), and OCR just isn't designed to meet that level of demand. So HHS s going to reorganize OCR, with specific divisions addressing policy, strategic planning, and enforcement. I don't think that's particularly useful.
Seems to me like OCR should be split into civil rights (discrimination and the like) and HIPAA/health data privacy and security. The HIPAA side should also be split, with policy, planning, and guidance on one side, and breach/complaint on another branch, and enforcement as a third division. The breach/complaint side should also be split into breach issues and non-breach issues (such as access).
At least that's how I'd do it.