"HHS Agrees to Improve Feedback Process for Healthcare Data Breach Reporting"

The Department of Health and Human Services' (HHS) Office of Civil Rights (OCR) has agreed to implement a feedback mechanism by including language and contact information in the confirmation email that healthcare entities receive. OCR also intends to request that its regional offices regularly review and respond to emails received as part of the breach reporting process. The Government Accountability Office (GAO) recommended that HHS establishes a feedback mechanism to improve the effectiveness of its healthcare data breach reporting process. GAO's report looked at the number of breaches and affected individuals reported to HHS since 2015, examining HHS' review process to assess covered entities' security measures, and provided recommendations to help HHS improve communications for breach reporting. OCR enforces the privacy, security, and breach notification rules of the Health Insurance Portability and Accountability Act, which establishes national standards for safeguarding Protected Health Information (PHI) and requires covered entities and their business associates to notify HHS of breaches of unsecured PHI. While OCR has created a breach notification process, there is no way for covered entities to provide feedback on the breach reporting process. According to a GAO survey of covered entities and business associates, 80 percent of respondents reported communication-related challenges during the breach reporting process. In addition to recommending a feedback mechanism, the GAO report found that the number of breaches involving unsecured PHI has been steadily increasing since 2015. In 2021, there were 714 reported breaches of health information, nearly three times the number reported in 2015. This article continues to discuss the HHS' agreement to improve the feedback process for healthcare data breach reporting as well as the increase in PHI breaches.

SC Media reports "HHS Agrees to Improve Feedback Process for Healthcare Data Breach Reporting"

Submitted by Anonymous on