The Government Accountability Office (GAO) has started a quick response survey of healthcare companies and business associates under the Health Insurance Portability and Accountability Act (HIPAA) to obtain comments on their experiences sending data breach reports to the Secretary of the Department of Health and Human Services (HHS). The survey will continue to be accessible up to 4 p.m. EST on February 4, 2022. Survey Monkey is running the survey that is available here.
Congress asked the GAO to examine the volume of data breach reports sent to the HHS beginning 2015, and the survey wants to determine the number of issues if any, encountered by covered entities and business associates in fulfilling the data breach reporting prerequisites of the HHS. The GAO will furthermore find out what the HHS has undertaken to tackle any breach reporting problems and make improvements to the system of data breach reporting.
The Health-ISAC, the American Hospital Association (AHA), and the Health Sector Coordinating Council (HSCC) is distributing the survey for the GAO, and the combined feedback will be given to GAO.
GAO has required just one survey to be done by every covered entity and business associate. GAO explained it won’t attribute particular responses to specific persons and/or businesses when it creates the report, and the only individually identifiable information that will be given to GAO is the email address utilized in the questionnaire as well as any individually identifiable data voluntarily furnished by the participants in the open-ended questions.
This is a critical opportunity to tell about the work of the GAO and help discover the rewards of, in addition to the different concerns through the years by cyberattack victims of the health system and hospitals, with regards to the resulting HHS Office for Civil Rights review and investigation procedure, as per John Riggi, who is the AHA national advisor for cybersecurity and risk.