What Can We Learn From the Healthcare Data Breach Wall of Shame?

In addition to dealing with the public outcry and regulatory scrutiny resulting from a healthcare data breach, covered entities under the Health Insurance Portability and Accountability Act (or their business associates) are required to report breaches to the Department of Health & Human Services (HHS) Office for Civil Rights. But the pain doesn't end there. If the breach reported to HHS involved more than 500 individuals, it is published for the world to see on an HHS website, colloquially referred to as the "wall of shame."

In existence since 2009, the wall provides a brief summary of data breaches, including the name of the covered entity, covered entity type (i.e., provider or business associate), number of individuals affected, type of breach and location of the breach (e.g., server, email, electronic medical record). Congress mandated that the public have access to breach information, but questions have arisen regarding the value of the site, how the data is presented and how long the data should be available to the public.

Specifically, the persistence of the information available on the site has caused angst and criticism. After all, if a provider reported a data breach in 2011 but has since implemented corrective actions and remediated and mitigated the issue, does it serve any purpose to continue to remind the public of what happened so many years ago? These critiques led to some minor changes in 2017, but no dramatic overhaul. The primary changes were:

Source: https://www.lexology.com/library/detail.aspx