Transparency is Key When Dealing with Health Information Breaches
Griffin President Patrick Charmel defends his hospital's practice of securing patient information in its Web site statement:
"Griffin Hospital has stringent policies, procedures, and systems in place to protect patient information and takes very seriously our obligation to safeguard the personal and health information of our patients," Charmel says. "This breach, however, appears to have been a deliberate intrusion into Griffin's PACS to view patient radiology reports. We acted quickly to complete an audit and investigation and to notify affected patients. As a result of this breach, steps are underway to further strengthen the security of patient information."
The HITECH breach notification requirements can be found in the interim final rule published in the Federal Register August 24, 2009.
The rule states that:
- Covered entities (CE) must notify affected patients "without unreasonable delay," but no later than 60 days after the CE discovers or should have discovered the breach or from the time a business associate (BA) notifies the CE of a breach
- BAs must notify CEs when they discover a breach
- Breaches affecting 500 or more patient records require notice to the secretary of HHS and prominent media outlets serving a state or jurisdiction
- Breaches affecting deceased patients required notice to next of kin
- Notices must describe what occurred; details of the unsecured, breached PHI; steps to help mitigate harm to patients; and the CE's response
- Breaches of unsecure PHI affecting fewer than 500 patient records require annual notice to the secretary of HHS 60 days after the end of the reporting year
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Ebola: Health Officials Try to Quell Front Line Fears
- Reducing Readmissions Starts with Better Collaboration
- Ebola: A New Normal in Dallas
- Partners HealthCare M&A Deal Under Scrutiny
- Readmissions: No Quick Fix to Costly Hospital Challenge
- How Educated Nurses Save Money
- As virus spreads, insurers exclude Ebola from new policies
- 'Overtreatment' Debate Circles Back to Lung Cancer Screening
- After Ebola patient cured, NE hospital takes cautions anew
- Defensive Medicine Still Prevalent Despite Tort Reform