Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

OCR Patient Data Breach List Hits Milestone

Dom Nicastro, for HealthLeaders Media, January 24, 2011

The interim final rule requires:

  • Notice to patients alerting them to breaches “without unreasonable delay,” but no later than 60 days after discovery of the breach
  • Notice to covered entities (CE) by business associates (BA) when BAs discover a breach
  • Notice to the secretary of HHS and prominent media outlets about breaches involving more than 500 patient records
  • Notice to next of kin about breaches involving patients who are deceased
  •  Notices to include what happened, the details of the unsecured PHI that was breached, steps to help mitigate harm to the patient, and the CE’s response
  • Annual notice to the secretary of HHS 60 days after the end of the calendar year about unsecure PHI breaches involving fewer than 500 patient records

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Comments are moderated. Please be patient.

1 comments on "OCR Patient Data Breach List Hits Milestone"


Derek Beckwith (1/25/2011 at 11:41 AM)
Thanks for this article [INVALID] we posted a link to it on Identity Theft Daily News (www.idtheftdailynews.com) our news portal that highlights the day's best stories on data breaches, compliance and identity theft. While this article cites some great statistics, it is important to remember that the vast majority of breaches continue to go unreported. In the health care industry alone, according to two consecutive annual surveys of hospital executives by Identity Force (www.identityforce.com), over 40% of hospitals have 10 or more data breaches every year, and over 20% have more than 20 breaches annually [INVALID] yet only a handful are reported to state and federal regulators. A copy of the latest survey can be found at www.identityforce.com/Press.php. Medical identity theft will continue to be the fastest growing form of identity fraud until hospitals get breaches under control.