OCR updates health data breach reporting tool

Revised site provides additional resources to help improve security posture of healthcare organizations.


The Department of Health and Human Services’ Office for Civil Rights has revised a web-based tool making it easier for the public to obtain information about healthcare data breaches and for organizations to report incidents.

OCR first launched their HIPAA Breach Reporting Tool in 2009, as required by HITECH Act, to report breaches of unsecured protected health information of 500 or more individuals. However, based on feedback, the agency has updated the website to better identify recent data breaches and to make it easier to use and navigate.

“HHS heard from the public that we needed to focus more on the most recent breaches and clarify when entities have taken action to resolve the issues that might have led to their breaches,” said HHS Secretary Tom Price, MD, in a written statement. “To that end, we have taken steps to make this website, which features only larger breaches, a more positive, relevant source of information for concerned consumers.”

Also See: HHS data shows 1,800 large data breaches since 2009

According to OCR, the updated tool includes the following new features and functionality:
  • Ability to highlight breaches currently under investigation and reported within the last 24 months
  • An archive that includes all older breaches and information about how breaches were resolved
  • Enhanced navigation to additional breach information
Data tracked by the tool includes: name of entity; state where the entity is located; number of individuals affected by the breach; date of the breach; type of breach; as well as the location of the breached information.


Going forward, OCR said it plans to expand and improve the HIPAA Breach Reporting Tool based on public feedback, adding functionality and features as necessary. The site can be accessed here.

More for you

Loading data for hdm_tax_topic #care-team-experience...