Last week, the HHS Office for Civil Rights (OCR) launched an improved version of their HIPAA Breach Reporting Tool (HBRT), commonly referred to by OCR and regulated entities alike as the HIPAA “Wall of Shame.” OCR has also made minor changes to the interface for breach reporting.
The HBRT now makes it easy to navigate and mine information on all reported data breaches (breaches must be reported when they involve the protected health information of 500 or more people). The data displayed includes all breaches that OCR is currently investigating, as well as previously reported cases with information on the outcome of each. For those that gleefully track HIPAA breach trends, the lists can be sorted by location, type of entity, number of individuals affected, type of breach, file location type (e.g., laptop, paper), and the breach submission date. An advanced search function is also available, as well as the ability to export the data to other formats like Microsoft Excel or Adobe PDF.
OCR has also updated the interface for regulated entities to report data breaches. HINT: to get to the breach reporting function, click the tiny link in the upper right-hand corner of the site that says “File a Breach” – it is easy to miss. The HBRT then steps the user through the breach reporting process.
Although the HBRT was originally released in 2009 to comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act, this revamped version aims to help industry users by providing ready access to information and an a “fool-proof” reporting tool. Ready access to current and comprehensive information about reported breaches and their causes should give regulated entities more incentive to maintain comprehensive privacy and security programs, avoid data breaches and stay off of the “Wall of Shame.”
Check out the HBRT and feel free to contact OCR through the website to provide feedback, as it plans to continuously improve the tool.