Compliance Notes: HIPAA Breach Reporting Tool

On July 25, 2017, The U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) launched a revised web tool, the HIPAA Breach Reporting Tool (HBRT), to help health care entities better identify breaches of health information and learn how breaches of health information are investigated and resolved. HHS OCR originally released the HBRT in 2009, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act, to make information about reported security breaches available to entities covered by the Health Insurance Portability and Accountability Act (HIPAA).

The revised HBRT features improved navigation for those looking for information on breaches, and better usability for organizations reporting incidents. New features include:

  1. Enhanced functionality that highlights breaches currently under investigation and reported within the last 24 months;
  2. New archive that includes all past breaches and information about how these breaches were resolved; and
  3. Improved navigation to additional breach information.

CMS encourages ACOs to share this tool with their participants so that they may stay informed about current security threats and use the tool in the event that a breach occurs. For additional information on HIPAA breach notification, visit the HIPAA Breach Notification Rule webpage.