July 20, 2018

July 19, 2018

Subscribe to Latest Legal News and Analysis

July 18, 2018

Subscribe to Latest Legal News and Analysis

July 17, 2018

Subscribe to Latest Legal News and Analysis

The HIPAA “Wall of Shame” is Now Easier to Navigate

Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also made minor changes to the interface for breach reporting.

The HBRT now makes it easy to navigate and mine information on all reported data breaches (breaches must be reported when they involve the protected health information of 500 or more people). The data displayed includes all breaches that OCR is currently investigating, as well as previously reported cases with information on the outcome of each. For those that gleefully track HIPAA breach trends, the lists can be sorted by location, type of entity, number of individuals affected, type of breach, file location type (e.g., laptop, paper), and the breach submission date.  An advanced search function is also available, as well as the ability to export the data to other formats like Microsoft Excel or Adobe PDF.

OCR has also updated the interface for regulated entities to report data breaches. HINT: to get to the breach reporting function, click the tiny link in the upper right-hand corner of the site that says “File a Breach” – it is easy to miss.  The HBRT then steps the user through the breach reporting process.

Although the HBRT was originally released in 2009 to comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act, this revamped version aims to help industry users by providing ready access to information and an a “fool-proof” reporting tool. Ready access to current and comprehensive information about reported breaches and their causes should give regulated entities more incentive to maintain comprehensive privacy and security programs, avoid data breaches and stay off of the “Wall of Shame.”

Check out the HBRT and feel free to contact OCR through the website to provide feedback, as it plans to continuously improve the tool.

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Ryan Cuthbertson, Health Care Attorney, Mintz Levin, Air Force Alum, Lawyer
Staff Attorney

Before joining the firm, Ryan was with the US Air Force for nearly 10 years. Most recently, he was with the Defense Contract Management Agency, where he oversaw the contract performance and compliance of military development programs. Previously, Ryan was with the Air Force’s Electronic Systems Center and led a high-profile software development program, for which he drafted contract documents and managed cost, schedule, and performance. Prior to this, he was in the Aircraft Sustainment Group at Robins Air Force Base and was responsible for technical orders for the entire...

Dianne Borque, Health Care, licensure, risk management, attorney, Mintz Levin
Of Counsel

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. A large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process.

She also counsels health care clients and other business entities on the requirements of the HIPAA Privacy Rule and Security Standards, including new requirements under the HITECH provisions of the American Recovery and Reinvestment Act of 2009 (ARRA), and state-imposed medical privacy laws. She regularly assists clients with the implementation of HIPAA-mandated policies and procedures, privacy audits, third-party requests for information, and review of HIPAA-related contracts and forms. She has successfully defended clients in both civil and criminal HIPAA enforcement actions and regularly assists clients with the management of data breaches and other losses of protected health information.

Before joining Mintz Levin, Dianne was an associate staff attorney at the Lahey Clinic, where she provided general counsel services to medical, professional, and administrative staff. She also served as counsel to the Institutional Review Board, the Ethics Committee, the Intellectual Property and Technology Transfer Committee, and the Genetics Advisory Board. Before joining the Lahey Clinic’s legal staff, she worked in the research administration department. Her responsibilities included drafting a regulatory compliance manual detailing laws of concern in basic, clinical, and animal research, continually reviewing relevant regulations to ensure compliance for institutional programs, and researching and advising clients on a broad range of regulatory matters.

(617) 348-1614