Health Information Management

'Private practices' will be unmasked on large breaches website

HIM-HIPAA Insider, May 24, 2010

Names of healthcare entities masked as “private practice” on the government website that lists organizations reporting large breaches of unsecured protected health information (PHI) will soon be revealed.

A spokesperson from the Office for Civil Rights (OCR), which enforces the HIPAA privacy and security rules, tells HIPAA Update blog in an e-mail it will lift the “private practice” tag on its website once the 40-day comment period is up on its April 13 Federal Register notice that modifies its existing “System of Records” practices.

The comment period ended Sunday, May 23, and “so OCR anticipates beginning to publish the names of covered entities currently listed as ‘Private Practice’ some time after that,” the spokesperson said. “OCR intends to apply the new routine use retroactively, so names of all covered entities currently listed as ‘Private Practice’ would be published.”

Of the 87 entities reporting breaches affecting 500 or more individuals on the OCR website as of May 18, eight are listed as “private practice.”

Read the full report on HIPAA Update blog.

Most Popular