Printer Friendly, PDF & Email

OCR to Improve Breach Reporting Communications Following GAO Report

HHS needs to improve the effectiveness of its HIPAA breach reporting process and should establish a feedback mechanism to improve it, a report from the U.S. Government Accountability Office (GAO) concluded.[1] In response, HHS said it would take two steps to facilitate better communications between the Office for Civil Rights (OCR) and HIPAA-covered organizations reporting breaches.

“OCR is charged with implementing and enforcing the HIPAA Privacy, Security and Breach Notification Rules, including the development and management of the breach reporting process,” said the GAO report, issued June 27. “However, OCR does not have a method for covered entities to provide feedback on the breach reporting process, nor did the office indicate that it had plans to develop one.”

Without a clear mechanism to provide feedback to OCR, covered entities and business associates can face challenges during the breach reporting process, the report said. In addition, soliciting feedback “could help OCR improve aspects of the process,” according to the report.

This document is only available to subscribers. Please log in or purchase access.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field