On July 25, 2017, the U.S. Department of Health and Human Services’ Office for Civil Rights (“OCR”) announced the release of an updated web tool that highlights recent data breaches of health information.
Entities covered by the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify OCR when they experience a data breach. OCR publishes information it receives regarding data breaches affecting more than 500 individuals on its HIPAA Breach Reporting Tool (“HBRT”). OCR uses the HBRT to provide transparency to the public and HIPAA-covered entities by sharing information regarding reported data breaches, including (1) the name of the reporting entity; (2) the number of individuals affected by the data breach; (3) the type of data breach (e.g., hacking/IT incident, theft, loss, unauthorized access/disclosure); and (4) the location of the breached information (e.g., laptop, paper records, desktop computer).
In the email announcing its recent updates, OCR highlighted the following new features of the HBRT:
- enhanced functionality that highlights data breaches currently under investigation and reported within the last 24 months;
- an archive including all older data breaches;
- improved navigation to additional data breach information; and
- tips for consumers.
OCR stated that it plans to expand and improve the HBRT over time to add functionality and features based on the feedback it receives.