HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

February 11, 2022: Deadline for Providing GAO With Feedback on HHS Data Breach Reporting Requirements

The Government Accountability Office (GAO) has launched a rapid response survey of healthcare organizations and business associates covered by the Health Insurance Portability and Accountability Act (HIPAA) seeking feedback on their experiences reporting data breaches to the Secretary of the Department of Health and Human Services (HHS). The questionnaire was initially due to remain open until 4 p.m. EST on Friday, February 4, 2022., but the deadline has now been extended by a week to February 11, 2022. The survey is being conducted through Survey Monkey and can be accessed here.

Congress requested the GAO review the number of data breaches reported to the HHS since 2015, and the survey seeks to identify some of the challenges, if any, faced by covered entities and business associates in meeting the data breach reporting requirements of the HHS. The GAO will also determine what efforts the HHS has made to address any breach reporting issues and improve the data breach reporting process.

The survey is being distributed by the Health-ISAC, Health Sector Coordinating Council (HSCC) and the American Hospital Association (AHA) on behalf of the GAO, and responses will be provided in aggregate to GAO.

GAO has requested only one survey be completed by each covered entity and business associate. GAO said it will not attribute specific comments to specific individuals and/or organizations when it produces the report, and the only individually identifiable information passed to GAO will be the email address provided in the survey along with any individually identifiable information provided voluntarily in any of the open-ended questions.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

“This is an important opportunity to inform the work of the GAO and help identify the benefits of, along with the many issues of concern expressed over the years by hospitals and health system victims of cyberattacks, regarding the ensuing HHS Office for Civil Rights audit and investigation process,” said John Riggi, AHA national advisor for cybersecurity and risk.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.