OCR Data Breach Portal Update Stresses Breaches Under Scrutiny

The previous month, the Division of HHS verified it was pondering revising its data breach portal – usually known as the OCR’s ‘Wall of Shame’.

Article 13402(e) (4) of the HITECH Law needs OCR to preserve a shared list of breaches of safeguarded health info that have affected over 500 people. All, more than 500 record data breaches informed to OCR since 2009 are recorded on the breach portal.

The data breach list contacts a wide range of breaches, several of which happened through no fault of the protected unit and involved no infringements of HIPAA Laws.

OCR has been criticized for its breach portal for this very cause, most lately from Rep. Michael Burgess (R-Texas) who stated the breach portal was ‘unreasonably punitive’ in its present form.

For instance, robberies will happen even with practical physical safety in place and even with proper controls in place, rogue healthcare workers will retrieve PHI out of interest or with a malevolent intention on occasion, with some seeing it fraudulent for those breaches to remain on public exhibition forever.

Roger Severino, OCR Director stated previous month that “The website offers a vital source of info to the general public, however, we know that the setup has become out-of-date and should and can be improved.”

Although the HITECH Law necessitates OCR to preserve the portal, the Law doesn’t identify for how long that information should be shown. One option for modification would be a time limit for showing the breach summaries. There was anxiety from some secrecy supporters concerning the loss of info from the portal, which would make it difficult for information regarding previous breaches to be found for investigation purposes or by sick persons whose PHI might have been disclosed.

Modifications have been made to the breach portal which has gone live now. The breach portal now shows all data breaches that are presently under scrutiny by OCR. OCR probes all reported data breaches affecting over 500 people. Presently, the list displays there are 354 active inquiries dating back to July 2015.

The sequence of the list has also been altered so the most recent breach reports are shown first – A much more suitable sequence for testing the latest companies to report data breaches.

Data breaches that were informed to OCR over 24 months before together with breach inquiries that have now been concluded have not been misplaced, in its place, they have been shifted to a store. The store can still be accessed via the site and is searchable, as earlier.

Since latest data breaches might be in the store or main list, it has the possibility to make searches and research more difficult. OCR has faced this issue by providing a research report having the complete list of breaches dating back to 2009.

OCR states the new revised portal “Puts vital information into the hands of people, allowing them to better identify latest breaches of health info and to know how all breaches of health info are probed and successfully solved.”

Other advantages specified by OCR are:

Increased functionality that emphasizes breaches presently under inquiry and informed within the last 24 months

A new store that contains all older breaches and information regarding how breaches were resolved

Better navigation to additional breach information

Guidelines for users


Additional updates to the portal are projected to be made with the portal because of advantage from increased functionality and new qualities over time.