HHS Releases New HIPAA Breach Reporting Tool
Tool to be Used in Breaches Affecting at Least 500 People
The U.S. Department of Health and Human Services (HHS) has released a revised web tool for use in reporting breaches of unsecured protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) that affect 500 or more individuals.
In addition to allowing entities to report breaches, the tool also makes publicly available certain information that entities covered by HIPAA must report to HHS when they are involved in breaches of PHI involving at least 500 people. The tool lists:
- The name of the entity;
- The state where the entity is located;
- The number of individuals affected by the breach;
- The date of the breach;
- The type of breach; and
- The location of the breached information.
Note: HIPAA also requires the covered entity to promptly notify affected individuals of a breach, and, in some cases, notify the media.
Click here to access the revised web tool.