Friday, November 29, 2024

GAO: Electronic Health Information: HHS Needs to Improve Communications for Breach Reporting

Fast Facts

Health IT systems can enhance health care delivery and empower providers to make informed decisions about patient health. But these systems may be vulnerable to breaches.

The Department of Health and Human Services sets standards for protecting electronic health information and enforces compliance with them. Health care providers, health plans, their business associates, and other entities are required to report breaches to HHS.

The HHS Office of Civil Rights manages the breach reporting process, but it lacks a way for entities to provide feedback on it. This feedback could help improve the process…

What GAO Found

Since 2015, the Department of Health and Human Services (HHS) has seen an increase in reported breaches while the number of affected individuals has varied each year from approximately 5 to 113 million. Such breaches of health information involve the unauthorized (intentional or unintentional) exposure, disclosure, or loss of an individual’s identifiable health information…

Recommendations

GAO is making one recommendation to HHS to establish a feedback mechanism to improve the effectiveness of its breach reporting process. HHS concurred with GAO’s recommendation and described actions it would take to address it.

Agency Affected: Department of Health and Human Services

Recommendation: The Secretary of HHS should ensure that OCR establishes a mechanism for covered entities and business associates to provide feedback on OCR’s breach reporting process. (Recommendation 1)

Status: Open

Access the full 37-page report here.

[related-post]

LEAVE A REPLY

Please enter your comment!
Please enter your name here

FedHealthIT Xtra – Find Out More!

Recent News

Don’t Miss A Thing

Jackie Gilbert
Jackie Gilbert
Jackie Gilbert is a Content Analyst for FedHealthIT and Author of 'Anything but COVID-19' on the Daily Take Newsletter for G2Xchange Health and FedCiv.

Subscribe to our mailing list

* indicates required