Transparency is Key When Dealing with Health Information Breaches
In a statement on the hospital's Web site, Griffin President Patrick Charmel defends his hospital's practice of securing patient information:
"Griffin Hospital has stringent policies, procedures, and systems in place to protect patient information and takes very seriously our obligation to safeguard the personal and health information of our patients," Charmel says. "This breach, however, appears to have been a deliberate intrusion into Griffin's PACS to view patient radiology reports. We acted quickly to complete an audit and investigation and to notify affected patients. As a result of this breach, steps are underway to further strengthen the security of patient information."
The HITECH breach notification requirements can be found in the interim final rule published in the Federal Register on August 24, 2009.
The rule states that:
- Covered entities (CE) must notify affected patients "without unreasonable delay," but no later than 60 days after the CE discovers or should have discovered the breach or from the time a business associate (BA) notifies the CE of a breach
- BAs must notify CEs when they discover a breach
- Breaches affecting 500 or more patient records require notice to the secretary of HHS and prominent media outlets serving a state or jurisdiction
- Breaches affecting deceased patients require notice to next of kin
- Notices must describe what occurred; details of the unsecured, breached PHI; steps to help mitigate harm to patients; and the CE's response
- Breaches of unsecured PHI affecting fewer than 500 patient records require annual notice to the secretary of HHS 60 days after the end of the reporting year
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.