May 23, 2018

May 22, 2018

Subscribe to Latest Legal News and Analysis

May 21, 2018

Subscribe to Latest Legal News and Analysis

Heightened Transparency in Breach Notification Tool Nudges HIPAA Compliance

The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) recently announced its newly improved HIPAA Breach Reporting Tool (HBRT) to much fanfare.

The new HBRT features enhanced search and navigation functions, but its main purpose is much the same as its predecessor — namely, public access to information about HIPAA breaches affecting 500 or more individuals. Its enhanced functions allow HBRT users to filter through the most recent types of breaches, where the breaches occurred, and the number of impacted individuals. The HBRT does not cover every detail leading up to an investigation, but it provides enough information about the type, source and scope of the breach to potentially impact the breaching party’s reputation as a provider or vendor.

While much of the promise of the HBRT involves improving patient-consumer awareness of HIPAA breaches and providing an easy-to-access repository of information about recent breaches for covered entities and their business associates (the same goals touted when the tool was first rolled out in 2009), perhaps the more valuable feature of the new tool is its nudge towards HIPAA compliance. Patients using the tool will be able to review breach information more easily before selecting a health care provider, and may be more inclined to trust a provider that is not on the “Current Investigations” page than one that is listed. Similarly, a potential partner/acquirer/target can now more easily discover breach information when assessing whether a provider is a good match for its strategic development or brand.

Although we are all swimming in data related to HIPAA breaches and settlements, it is important to sift through the available information and use it to enhance HIPAA compliance. The HBRT provides an up-to-date picture of HIPAA compliance for the entire health care industry, and a lot of good can come from this heightened level of transparency. The information available on the HBRT can be very useful when structuring your own HIPAA risk assessments and proactively putting up a strong offense to new types of HIPAA threats.

©2018 Drinker Biddle & Reath LLP. All Rights Reserved


About this Author

Katherine Armstrong, Drinker Biddle Law Firm, Washington DC, Data Privacy Attorney

Katherine E. Armstrong is counsel in the firm’s Government & Regulatory Affairs Practice Group where she focuses her practice on data privacy issues, including law enforcement investigations, and research and analysis of big data information practices including data broker issues.

Katherine has more than 30 years of consumer protection experience at the Federal Trade Commission (FTC), where she served in a variety of roles, including most recently as a Senior Attorney in the Division of Privacy and Identity Protection.  In the Division of...

Jennifer R. Breur, Attorney, Drinker Biddle, Healthcare Lawyer

Jennifer R. Breuer represents health care providers and suppliers in transactional, compliance and regulatory matters, with a focus on Stark Law and Anti-Kickback Statute compliance for hospital-physician relationships. Jen also advises on data strategy and privacy law compliance for electronic health records, health information exchanges and other technology platforms. She regularly assists in the development of compliance strategies for ehealth and telemedicine providers.

Prior to attending law school, Jen worked as a strategy consultant to the worldwide pharmaceutical, biotechnology and medical device industries.

Jen is vice chair of Drinker Biddle's Health Care Group and co-chair of the firm’s Women's Leadership Committee.

Sumaya Noush, Drinker Biddle Law Firm, HealthCare Attorney

Sumaya Noush counsels health care clients on strategic and operational matters including transactions, corporate governance, and regulatory compliance. She helps her clients navigate the daily challenges of running their operations while identifying opportunities for growth in today’s rapidly evolving and highly competitive health care market.

Sumaya previously served as a law clerk for Drinker Biddle, an instructor at Yale’s Bioethics Institute where she taught a seminar on FDA law and medical ethics, and a Visiting Scholar at...