OIG Report on HIPAA Breach Notification Recommends Improved Follow-Up of Small Breaches

In addition to the recent report on the Office of Civil Rights’ (OCR) Oversight of the HIPAA Privacy Rule, the Office of Inspector General (OIG) for the Department of Health and Human Services (HHS) also issued a report titled “OCR Should Strengthen Its Follow-up of Breaches of Protected Health Information Reported by Covered Entities”. Among its findings in the report, the OIG noted that OCR was investigating all “large” breaches reported pursuant to the Breach Notification Rule, but was not recording “small” breaches in its case-tracking system, limiting OCR’s ability to track and identify covered entities with multiple small breaches.

“Large breaches” were defined as those breaches of unsecured protected health information affecting 500 or more individuals, while small breaches are considered those involving less than 500 individuals. While large breaches are reported to the OCR (and the media) without unreasonably delay and no more than 60 days from discovery of the breach, “small breaches” must only be reported annually (within 60 days of the end of the calendar year during which the breach was discovered).

The OIG’s recommendation to improve tracking of small breaches is based on the belief that this will help OCR to identify providers with “systemic issues” impacting the Privacy and Security of Protected Health Information (PHI).

What does this mean for providers?

Providers who have multiple small breaches will be more likely to be subjected to further follow up and investigation by the OCR.

It is important that providers improve HIPAA Privacy and Security safeguards to minimize all breaches.
Our firm’s HIPAA Resources page contains many links to government resources as well as checklists developed by our attorneys to help covered entities assess their HIPAA compliance efforts.  Our firm is also offering covered entities and business associates a free 15 minute consultation to discuss HIPAA issues. To schedule a call, please click this link.

Speak Your Mind