The updated website of the HHS Office for Civil Rights--the office responsible for enforcing HIPAA privacy and security provisions--no longer is protecting the anonymity of private practices reporting data breaches that affect 500 or more patients. Interestingly, the site went live July 8, the same day HHS released a proposed rule to tighten HIPAA privacy and security regulations. OCR reportedly said in a Federal Register notice last week that it needs to change the way OCR stores and reports information to conform with the American Recovery and Reinvestment Act. One way is to reclassify posting of those that report large breaches a "routine use." Article