Tips to Stay Off the Office for Civil Rights’ “Wall of Shame”

Friday, February 8, 2013

By George F. Indest, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law

As of February 2013, there are 537 cases listed on the Office for Civil Rights’ (OCR) “Wall of Shame.” These are breaches of unsecured health information affecting 500 or more individuals. The reports of these breaches of patient confidentiality are required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The OCR continuously updates this list of breaches on its website. These breaches include a brief summary of each case that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured health information to the OCR.

Click here to view the OCR's "Wall of Shame."

Notable Cases on the “Wall of Shame.”

Six healthcare organizations listed on the “Wall of Shame” reported security breaches that involved one million or more patient records. Among the largest breaches reported was one by the TRICARE Management Activity, which reported 4.9 million records lost when backup tapes for computer systems went missing. Another major breach involved WellPoint, the largest managed health care company in the Blue Cross and Blue Shield Association. The company reported 31,700 of its customer records were compromised during a three-year time frame. The breach was believed to be caused by an unauthorized hack into a network server.

According to an article in Modern Healthcare, a majority of the breaches on the “Wall of Shame” involve laptops, backup disks and other portable devices that were stolen. These devices contained patient information and were not encrypted. Had the files been protected by encryption, these organizations would not have landed on the list.

Click here to read the article from Modern Healthcare.

Keep Up-To-Date With Changes in HIPAA and HITECH.

The OCR under the U.S. Department of Health and Human Services (HHS) recently released stronger rules and protections governing patient privacy. On January 17, 2013, the HHS announced the omnibus rule to strengthen the privacy and security protection established under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. These changes also improve the HITECH Act by making it clear when breaches must be reported to the OCR. Once reported, the breaches are then placed on the “Wall of Shame.” It’s important to review these changes in order to stay off the list. Click here to learn more on the new HIPAA rules.

Get a HIPAA Risk Assessment.

Since the HIPAA laws have changed, you need to edit your privacy forms and procedures. Many health providers simply don't have the time to re-review their policies and revise documents. A HIPAA risk assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws. Federal regulations require that covered entities have this assessment done. To learn more on HIPAA risk assessments, click here.

You can also take steps to limit the potential risk that you’ll become a victim in the first place. To learn how to protect yourself, click here.

Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.
The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).
For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at or call (407) 331-6620 or (850) 439-1001.


Have you ever heard of the “Wall of Shame”? What do you think of this list? Please leave any thoughtful comments below.


Modern Healthcare. “Hoping for ‘Progress’ on Health Data Breaches.” Modern Healthcare. (January 8, 2013). From:

Mearian, Lucas. “‘Wall of Shame’ Exposes 21M Medical Record Breaches.” Computerworld. (August 7, 2012). From:

About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.


"The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.
Copyright © 1996-2012 The Health Law Firm. All rights reserved. 

