Large Patient Information Breaches Pass Century Mark
The number of entities reporting breaches of unsecured protected health information (PHI) affecting 500 or more individuals has hit the 100 mark and then some.
As of Friday, July 2, the number of entities reporting the egregious breaches to the government’s HIPAA privacy and security enforcer hit 107. The number of entities—listed on the Office for Civil Rights (OCR) breach notification website—has more than tripled since the enforcer first began posting them in February. The list has grown about 15 per month, or an entity every other day.
The list is required by HITECH, the American Recovery and Reinvestment Act of 2009 privacy subpart that includes greater breach notification requirements and more public scrutiny and increased fines for HIPAA violations.
The reporting requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.
Those regulations require:
- Notice to patients alerting them to breaches “without unreasonable delay,” but no later than 60 days after discovery of the breach
- Notice to covered entities (CE) by business associates (BA) when BAs discover a breach
- Notice to the secretary of HHS and prominent media outlets about breaches involving more than 500 patient records
- Notice to next of kin about breaches involving patients who are deceased
- Notices to include what happened, the details of the unsecured PHI that was breached, steps to help mitigate harm to the patient, and the CE’s response
- Annual notice to the secretary of HHS 60 days before the end of the calendar year about unsecure PHI breaches involving fewer than 500 patient records
- CVS Ramps Up Retail Clinics with Provider Affiliations
- 4 Tectonic Shifts Shaking Up Healthcare
- Medical Errors Third Leading Cause of Death, Senators Told
- As States Regulate Provider Competition, Common Threads Emerge
- Chronic Disease Care Costs Get Bipartisan Attention
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- Roundtable: Life After a Healthcare Organization Acquisition