Protect Our Health Privacy Act

Protect Our Health Privacy Act - Amends the American Recovery and Reinvestment Act of 2009 (ARRA) to expand requirements for reports to Congress on acquisition or disclosure of unsecured protected health information in a breach to include: (1) descriptions of types of such information involved in each breach; and (2) the identity of the covered entity involved in each breach or, if the breach affected fewer than 500 individuals, the kind of covered entity involved.

Revises requirements for the annual compliance report concerning informally resolved complaints of violations relating to privacy and security of health information to require: (1) a summary of the most common types of complaints resolved, (2) statements of the average amount of time between receipt of a complaint to its resolution by category and examples, (3) additional reporting of federal and state enforcement actions and priorities.

Requires the Attorney General to report annually to Congress, and to publish, a study of complaints of alleged violations concerning wrongful disclosure of individually identifiable health information referred to the Department of Justice (DOJ) by the Department of Health and Human Services (HHS), the Federal Bureau of Investigation (FBI), or another state or federal agency.

Includes portable media devices in guidance issued by the Secretary concerning technologies and methodologies rendering protected health information unusable by unauthorized individuals. Directs the Secretary to issue regulations requiring covered entities and their business associates to render protected health information stored on such media unusable by unauthorized individuals.

Provides rules for application of regulations concerning health information privacy to use by business associates of covered entities.

Amends the Public Health Service Act to require the Secretary to issue regulations to improve the safety, interoperability, and utility of health information technology systems, including: (1) a system to track the effect of health information technology on patients' health, and (2) minimum quality and risk management requirements for technology vendors.

Requires promulgation of regulations by an HHS-designated agency concerning a health information technology adverse health event reporting program and database and reports by such agency on its findings to industry and policymakers.