Office of Civil Rights Gives Warning: Small Breaches Are Going To Be Investigated
The Office for Civil Rights announced recently that it will step up its investigations of HIPAA breaches affecting fewer than 500 people.
Noting that the root causes of breaches might indicate entity-wide and industry-wide noncompliance with HIPAA’s regulations, the Office for Civil Rights sent electronic notification to providers alerting them that small-scale breaches will receive more attention than in the past. It also pointed out that investigation of breaches provides its office with an opportunity to evaluate an entity’s compliance programs and obtain correction of any deficiencies.
In the past, the Office for Civil Rights focused on breaches involving 500 or more individuals, and it investigated smaller breaches as time and resources permitted. The Office for Civil Rights says regional offices still will retain discretion to prioritize which breaches to investigate.
The Office for Civil Rights cites the following determining factors:
- the size of the breach;
- whether the breach involved theft of or improper disposal of unencrypted protected health information (PHI), or hacking;
- the amount, nature, and sensitivity of the PHI;
- repeated breach reports from a covered entity or from a business associate.
The Office for Civil Rights announced recently that it will step up its investigations of HIPAA breaches affecting fewer than 500 people.
Subscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.