A federal agency has just increased the odds that your company, or companies you do business with, could hear from health information data breach investigators.
The Office for Civil Rights, part of the U.S. Department of Health and Human Services, says it will now let its regional offices look into reports of incidents that have, or could have, exposed the protected health information of 499 or fewer individuals to the wrong people.
Up until now, HHS civil rights office investigators have mostly stuck to investigating data breaches involving the protected health information of 500 or more people.
“Regional offices will still retain discretion to prioritize which smaller breaches to investigate, but each office will increase its efforts to identify and obtain corrective action to address entity and systemic noncompliance related to these breaches,” civil rights office officials write in an email message sent to recipients who’ve signed up to get updates from the office.
The Health Information Technology for Economic and Clinical Health Act (HITECH) Act of 2009 added data breach reporting requirements to the older health information privacy and data security requirements set by the Health Insurance Portability and Accountability Act of 1996.