Transparency is Key When Dealing with Health Information Breaches
Griffin President Patrick Charmel defends his hospital's practice of securing patient information in its Web site statement:
"Griffin Hospital has stringent policies, procedures, and systems in place to protect patient information and takes very seriously our obligation to safeguard the personal and health information of our patients," Charmel says. "This breach, however, appears to have been a deliberate intrusion into Griffin's PACS to view patient radiology reports. We acted quickly to complete an audit and investigation and to notify affected patients. As a result of this breach, steps are underway to further strengthen the security of patient information."
The HITECH breach notification requirements can be found in the interim final rule published in the Federal Register August 24, 2009.
The rule states that:
- Covered entities (CE) must notify affected patients "without unreasonable delay," but no later than 60 days after the CE discovers or should have discovered the breach or from the time a business associate (BA) notifies the CE of a breach
- BAs must notify CEs when they discover a breach
- Breaches affecting 500 or more patient records require notice to the secretary of HHS and prominent media outlets serving a state or jurisdiction
- Breaches affecting deceased patients required notice to next of kin
- Notices must describe what occurred; details of the unsecured, breached PHI; steps to help mitigate harm to patients; and the CE's response
- Breaches of unsecure PHI affecting fewer than 500 patient records require annual notice to the secretary of HHS 60 days after the end of the reporting year
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- MU Compliance Announcement Sparks Concern, Confusion
- Telehealth Improves Patient Care in ICUs
- Small Doesn't Mean Doomed
- Hospital M&A Volume Up, Value Down in 3Q
- Douglas Hawthorne—A Chance to Do Something Big
- The 5 Biggest Healthcare Finance Trouble Spots
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Why You Should Involve Patients in Nursing Handoffs