No more anonymous "private practice" on HHS breach list
HHS has now started revealing the names of the HIPAA-covered entities who had previously been listed only as “private practice” in their list of those having breaches affecting 500 or more individuals. PHIprivacy.net had been one of a number of entities that had complained about private practices being shielded, but OCR had interpreted the Privacy Act of 1974 as prohibiting them from revealing the individuals’ names without their consent. They subsequently proposed and enacted a change in permissible uses of the data that makes the listing of names fall under “routine use.”
The revised listing, which went “live” last week, currently displays 113 entries, sorted alphabetically, and the list is also available in .cvs and .xml formats on HHS/OCR’s new breach list web site. Change your bookmark.
As noted earlier this week, HHS/OCR informs this site that it will not be providing additional information on the site as to what types of information or data were involved in the breach and it will not be listing breaches affecting under 500 individuals.