Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

HHS to Investigate Smaller HIPAA Privacy Breaches

As  a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more...
Michael Buckbee
1 min read
Published August 23, 2016
Last updated June 30, 2022

As  a reader of this blog, you know all about Health and Human Services’ (HHS) wall of shame. That’s where breaches involving protected health information (PHI) affecting 500 or more records are posted for the world to see. It’s actually a requirement of HIPAA – technically the HITECH Act. But now there’s been a slight change in breach policy.

The Office of Civil Rights (OCR), which is part of HHS, investigates all large HIPAA breaches. But this month they announced they will increase efforts to look into smaller breaches that come to their attention.

Regional offices will be given discretion to prioritize which smaller breaches to look into. Some of the factors that they’ll take into account are “breaches that involve unwanted intrusions to IT systems (for example, by hacking)” and “instances where numerous breach reports from a particular covered entity or business associate raise similar issues.”

The investigations will likely take the form of offsite “desk audits”.

Attorneys in data compliance will tell you that to pass these audits you’ll need to have your HIPAA paper work in order — documented security and privacy policies, recent risk assessments, and breach reporting procedures are top on the list.

This is just another indication of how HHS/OCR is stepping up its auditing and HIPAA enforcement.

Covered entities: you’ve been warned!

hipaa

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

5-things-privacy-experts-want-you-to-know-about-wearables
5 Things Privacy Experts Want You to Know About Wearables
There’s been a lot of news lately in the health and fitness wearables space. Apple just announced they’re releasing an app, called “Health,” as well as a cloud-based platform “Health...
is-browsing-facebook-while-in-the-hospital-a-hipaa-violation?
Is Browsing Facebook While in the Hospital a HIPAA Violation?
A recently filed federal class-action suit claims that several healthcare providers are violating HIPAA’s rules on protected health information (PHI). If the suit succeeds, privacy advocates say it has the potential...
5-privacy-concerns-about-wearable-technology
5 Privacy Concerns about Wearable Technology
With over 55 different fitness wearable devices to choose from, the wearables market has breathed new life into our personal health, providing us with more insight into our sleep patterns,...
from-the-hipaa-case-files:-jail-time,-fines,-and-access-rights
From the HIPAA Case Files: Jail Time, Fines, and Access Rights
While I was conducting some research on compliance laws for a customer, I found myself reviewing the penalties written into the 1996 Health Information Portability and Accountability Act, otherwise known...