[ Tuesday, March 08, 2016 ]
Is the Wall of Shame obsolete? Some say so
Jeff [8:30 AM]
. I disagree. I know privacy officers whose concerns increase dramatically when the number of individuals involved in an incident approaches 500. Much of that is because an immediate report to OCR (as opposed to an annual report) will automatically bring an OCR investigation. But they're also afraid of being posted on the Wall. Also, many of us look at the Wall to see if an entity has a posting, for example during due diligence. Does the wall not cause increased privacy diligence? Maybe, but that's because (i) virtually all HIPAA-covered entities already are very diligent by nature where privacy is concerned, and (ii) it is the other HIPAA punishments OCR can dish out that cause the diligence. What the wall does instead is allow the outside world to know a little about what OCR already knows -- who the big players are, what types of breaches are prevalent, etc.
Blogger: HIPAA Blog - Edit your Template