With No Harm Threshold, Nearly All Breaches Substantiated in CA
California, the state that signed a precedent-setting privacy law, fields more than 220 notifications of potential breaches from licensed facilities per month, according to numbers released by the state's Department of Public Health.
From January 1, 2009, when law AB 211 went into effect, through May 31, 2010, entities have reported a total of 3,766 breaches. The law calls for health providers to prevent unlawful access, use, or disclosure of patients' medical information and to report violations to DPH and the individuals affected.
The California Department of Public Health (CDPH), which enforces the law, receives notification of a little more than seven breaches a day. While California law calls for licensed entities to report any and all potential breaches, federal regulation currently allows providers a backdoor out.
Under the "harm threshold" provision of the HITECH interim final rule on breach notification, providers may conduct a risk assessment to determine whether a potential breach poses a significant risk of financial, reputational or other harm to the patient.
If it doesn't, no notification is required.
Congress did not write this into the HITECH Act. But the Office for Civil Rights (OCR), which on the federal level enforces the HIPAA privacy and security rules, included it through regulation.