Enhanced HHS HIPAA Breach Reporting Tool May Aid Health Care Industry Data Security Efforts

Michael Bertoncini
Jackson Lewis P.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches.” Accordingly, HHS’ Office of Civil Rights has launched a revised web tool providing information about HIPAA breaches. The tool, the HIPAA Breach Reporting Tool (HBRT), features improved navigation helping those looking for information on breaches and ease-of-use for organizations reporting incidents. It also gives health care providers, health plans and business associates easy access to a database from which they can gain a better sense of the common types of breaches and the steps HHS is calling for in order to resolve HIPAA breach cases.

The HBRT was originally launched in 2009, as required by the HITECH Act, providing information regarding HIPAA breaches involving 500 or more individuals. HHS announced that the HBRT’s new features include:

  • Enhanced functionality and search capabilities allowing users to learn more about breaches currently under investigation and reported within the last 24 months;
  • New archive that includes all older breaches and information about how breaches were resolved;
  • Improved navigation to additional breach information; and
  • Tips for consumers.

The HBRT provides information such as: the name of the entity; state where the entity is located; number of individuals affected by the breach; the date of the breach; type of breach (e.g., hacking/IT incident, theft, loss, unauthorized access/disclosure); and location of the breached information (e.g., laptop, paper records, desktop computer). Additional enhancements are expected in the future.

HIPAA covered entities and business associates may find the HBRT helpful for identifying areas in which to focus their information security efforts. In recent months, there have been several high profile data breaches involving the unauthorized disclosure of the protected health information of several hundred thousand individuals. In this environment of increasing security threats and regulator scrutiny, it would be prudent for entities in possession of individually identifiable health information of patients to take active steps to review and, where appropriate, enhance their security measures. The HBRT could be a helpful tool for assisting in those efforts.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Lewis P.C. | Attorney Advertising

Written by:

Jackson Lewis P.C.
Jackson Lewis P.C.
Contact
more
less

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide