No Final Guidance on Unsecure PHI—Yet
HHS failed to meet its August 18 HITECH Act deadline for final guidance on unsecure PHI.
Talk about "unsecure PHI" talk comes down to this—if patient information escapes your backdoor, is it protected by these standards? If it is, then you've got a "safe harbor" for avoiding breach notification.
If it isn't, then you're talking breach notification—to the individual, HHS, and possibly local media (the latter if it involves at least 500 patient records).
John C. Parmigiani, president of John C. Parmigiani & Associates, LLC, in Ellicott, MD, says encryption of patient records today is a necessity rather than an "add-on." He adds that patients now have a "growing concern" for the appropriate safeguarding of their personal and medical information and are calling for organizations to mitigate data leakages and losses.
"The need to encrypt and the provision to notify have become standard ingredients of the many state data protection laws," Parmigiani says. "They have been reinforced by not only the recent CMS report of its findings from the 'Security Rule compliance reviews' but also in the original HITECH wording and the subsequent HHS guidance in April."
- MU Slides into Summer of Discontent
- Doc Shortage 'Fix' Is a Disaster Waiting to Happen
- Physician Pay Increasingly Linked to Value-based Metrics
- 2015 OPPS Proposed Rule Detailed
- Advanced EHRs Save 10% Per Patient, Study Says
- Critical Times for Small and Rural Hospitals
- Fees Lurk in Health Plans' Shift to e-Payments
- ACGME Chief Sees 'Huge' Risk of Error in Proposed Assistant Physician Licensure
- Providence, Swedish Health Launch Employer-Driven ACO
- 4 Hot Healthcare Exec Titles; 1 Not