Does OCR Verify PHI Breach Complaints Before Investigating?

Wed, Apr 21, 2010

Fact Finder

Question: Does the HHS Office of Civil Rights verify the complaints it gets concerning breaches of private health information in alleged violation of HIPAA’s privacy or security rules before launching an investigation? As a covered entity, we’re concerned that someone might decide to use the breach reporting system on OCR’s web site to make totally unfounded complaints and harass our organization.

Read on for the answer, straight from the OCR’s mouth…

Answer: It depends on whether the reported alleged breach is large (over 500 people’s PHI affected). This was cold comfort to compliance, privacy and security officers who attended a presentation titled “Enforcement Efforts” and concerning HIPAA’s security, privacy and breach notification rules at the HCCA Compliance Institute in Dallas, TX on April 19, 2010.

“All reports are verified,” insisted David Holtzman, a Health Information Privacy Specialist with the HHS OCR and the speaker at the presentation.

Click here to login and get access to this article if you already receive the HIT News Wire
If you've already signed in and are still seeing this screen, click here to refresh the page.
HIT News Wire
Free registration required for full access to articles.
You will also receive
  • Free updates on the latest developments affecting healthcare IT.
  • Discounts on 3rd party offers.
Join now
You must have javascript enabled to use this form
Bookmark and Share
, , , , ,