June 27, 2022

US GAO orders HHS to improve communications for breach reporting

In a recent audit, the US Government Accountability Office (GAO) recommended that the US Department of Health and Human Services (HHS) establish a mechanism to improve the effectiveness of its data breach reporting process. HHS sets standards for protecting electronic health information and enforces compliance with them; entities under HHS must report data breaches to it. Since 2015, HHS has seen a steady increase in reported breaches of individuals' identifiable health information, with the number of affected individuals varying each year from approximately 5 million to 113 million. The GAO recommendation is specifically addressed to the HHS Office of Civil Rights, which manages the breach reporting process but lacks a way for entities to provide feedback on it. Find the recommendation here.