Privacy Act Protects Some Practices With Patient Data Breaches
The Office for Civil Rights (OCR) cited a 36-year-old privacy law as the reason why it cannot post on its breach notification Web site the names of private practitioners who report breaches of unsecured PHI affecting 500 or more individuals.
OCR writes in an e-mail to HealthLeaders Media that private practitioners who report these major breaches of unsecured PHI are considered "individuals" as defined by the Privacy Act of 1974.
Therefore, these "individuals" can stop OCR from posting their names on its breach notification Web site by not providing written consent. In those cases, OCR lists the entities as "private practice."
"It is the legal opinion of HHS that the names of private practitioners are identifiable as 'individuals,' as defined by the Privacy Act of 1974," OCR writes to HealthLeaders Media.
As of today, April 12, 59 entities reported breaches of 500 or more, eight of which were listed as "private practice." That nearly doubles the initial report of 32 reporting entities when OCR made its Web site public in late February.
Though OCR did not cite the actual disclosure provision from the Privacy Act of 1974, here is the language of section 552a, subsection (b), of the Act:
"No agency shall disclose any record which is contained in a system of records by any means of communication to any person, or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains …"
Kate Borten, CISSP, CISM, president of The Marblehead Group, says the privacy argument here would seem moot since each entity, per HITECH, must notify each of the 500 or more affected individuals in the breach via a letter as well as through the media.
HITECH is part of a sweeping set of changes to HIPAA enforcement and breach notification included in the American Recovery and Reinvestment Act of 2009, signed into law February 17, 2009.
Congress included stricter provisions for privacy and security protections and made enforcement tougher by including potential public scrutiny on government Web sites.
However, Borten says not posting the names of each entity "defeats the purpose of public posting. I doubt this is what Congress had in mind."
HealthLeaders Media asked OCR in an e-mail why these "private practices" are not subject to the same public scrutiny as the other entities listed on its Web site.
OCR did not respond directly to the inquiry, only citing the Privacy Act of 1974.
"This application of the Privacy Act may not be what Congress intended, but as healthcare entities are required to comply with an increasing number of laws and regulations, there will inevitably be unintended and unforeseen conflicts between laws," says Jana Aagaard, attorney in the Law Office of Jana Aagaard in Carmichael, CA. "This is an example of the unintended consequences that often accompany new regulations."
Dom Nicastro is a senior managing editor at HCPro, Inc. in Marblehead, MA. He edits the Briefings on HIPAA and Health Information Compliance Insider newsletters. E-mail him at dnicastro@hcpro.com.