In early September, Secretary Tom Price of the U.S. Department of Health and Human Services (HHS) announced his agency needs “to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches.” Following along with this, the Office of Civil Rights launched a revised web tool which provides information about HIPAA breaches. Within the tool, users can both look up breach information and report incidents. Breach information is available for cases under investigation and reported within the past 24 months. The OCR has also added an “archive” section which allows users to obtain information about how a breach was resolved. The revised HIPAA Breach Reporting Tool (HBRT) provides many searchable fields:

• Type of breach
• Location of breach
• Breach submission date
• Covered entity type
• State
• Covered entity or Business Associate name

Covered entities and Business Associates should review the HBRT, be aware of the types of breaches that have occurred, and use this information to evaluate their own security measures.

The HRBT can be accessed via the following link: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf