Industry Insiders Question Not Revealing Violators of Health Information Breaches
In response to HealthLeaders' inquiry about the prominence of the site, OCR wrote, "The OCR HIPAA Privacy Web site is one of the most visited Web sites in the department, and the link to the new breach Web site is prominently available from the home page."
Borten says she "respectfully disagrees."
"Only someone who is determined to find the site and knows it must be there is likely to find it by drilling down," she says.
Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA Boot Camp in Casa Grande, AZ, says he too feels the Web site is hard to track.
"I didn't necessarily see the Web-based notices all that easy to find," Ruelas says. "I would have expected them to be a bit more prominently displayed."
Borten says she hopes OCR will reconsider "where and how it posts breaches so that the full intent and impact of the law is met."
But OCR stands by its method, telling HealthLeaders, "The posting of breaches affecting over 500 individuals, as with other provisions in HITECH, has brought a strong refocus on compliance with the HIPAA Privacy and Security rules."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Senators Hear How Two-Midnight Rule Harms Patients, Hospitals
- 3 Management Lessons from a Supermarket Debacle
- Handshaking Spreads Germs. Get Over It.
- Healthcare Costs Start With What We Eat
- Hospitals Likely to Outsource ICD-10 at Launch
- IOM Identifies GME Problems, Calls for Finance Changes
- CMS Confirms ICD-10 Deadline
- Anatomy of 3 Health System Rebranding Efforts
- Premium Subsidy Fight Creating Uncertainty for Hospitals, Health Plans
- Medicare Advantage Carriers See 'No Choice' But to Accept Cuts