Monitoring Data Breaches

The Health and Human Services Department is stepping up to contain and investigate health data breaches, Government Health IT reported last week.

The agency's Office of Civil Rights is keeping a list, available on its website, of the providers that experience large breaches, the article says. The office uses its Program Information Management System, which also contains individual names, Social Security numbers and tax identification numbers, to track and maintain information about these incidents but has assured the public that it discloses the minimum amount of data necessary to contain breaches.

According to the article, health care providers and plans must immediately notify individuals and HHS of breaches affecting more than 500 people, while all other incidents, under the Health Insurance Portability and Accountability Act, are reported annually. But what if providers are repeat offenders--multiple breaches, individually small but with a large overall impact?