The Office for Civil Rights (OCR) recently updated its breach portal to provide more information about how it addresses and resolves investigations into certain HIPAA-related breaches. The portal, infamously known as the “Wall of Shame,” displays information about all of the reports OCR receives about breaches affecting 500 or more individuals, including the name of the entity that suffered the breach and details about how the breach occurred. The revamped version divides the reports into two buckets; namely, those breaches that have been investigated and closed, and those that remain under active investigation. For closed cases, OCR has included details about why such investigations were closed, including information about mitigating and corrective actions the entity took in response to the breach.
TIP: Companies subject to HIPAA can leverage the updated portal to glean insight into how HHS approaches breach investigations; in particular, companies can review the web descriptions for closed (or “Archived”) cases to better understand what types of corrective actions OCR may expect an entity to take following a breach.