Perspective: HHS' 'wall of shame' does little to solve important data security problems

HHS' Office of Civil Rights collects HIPAA infractions and posts them publicly on its "wall of shame" as a lesson for future providers who may run into trouble securing the protected health information of patients. But is the "wall of shame" accomplishing much of anything?

"The Office of Civil Rights posts all of these incidents on its website without stating how exactly the breach happened and whether or not the organization is found responsible for the breach," Niam Yaraghi, a fellow in the Washington, D.C.-based Brookings Institution's Center for Technology Innovation, wrote in a recent column for U.S. News & World Report. "In other words, the office publishes the list of indicted without its own rulings, leaving us wondering if an organization is the victim of the breach or is indeed responsible for it."

Breaches should be a learning experience for providers, Mr. Yaraghi wrote. But the OCR's current public-shaming policy does little to help mitigate future compromising of patient information beyond vilifying the victims and making them think twice about sharing what they learned from their experiences. The "wall of shame" lumps the bad guys in with the good guys and provides essentially no actionable information for patients who want to keep their data private and safe.

"The Office of Civil Rights should overhaul its current website and publish detailed information about breaches, indicating its own ruling for each case and subsequent penalties," Mr. Yaraghi wrote. "More importantly, the office should lead efforts to change the current punitive culture of pointing fingers and dealing with each breach as an isolated case to a culture focused on investigating root causes and creating a systematic approach to actually prevent privacy breaches in the future."


Copyright © 2022 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.


Featured Whitepapers

Featured Webinars