OCR Patient Data Breach List Hits Milestone
Dom Nicastro, for HealthLeaders Media, January 24, 2011
The interim final rule requires:
- Notice to patients alerting them to breaches “without unreasonable delay,” but no later than 60 days after discovery of the breach
- Notice to covered entities (CE) by business associates (BA) when BAs discover a breach
- Notice to the secretary of HHS and prominent media outlets about breaches involving more than 500 patient records
- Notice to next of kin about breaches involving patients who are deceased
- Notices to include what happened, the details of the unsecured PHI that was breached, steps to help mitigate harm to the patient, and the CE’s response
- Annual notice to the secretary of HHS 60 days after the end of the calendar year about unsecure PHI breaches involving fewer than 500 patient records
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Will More Pioneer ACOs Defect?
- Charity HealthCare Conundrum Brewing Among Providers
- Interventional Radiology No Longer a Sub-Specialty
- MU Final Rule Disappoints Some CIOs
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- NFP Hospitals' Revenue Growth at 'All-Time Low'
- CNO Leads $1M Charge for New Scrubs, Uniforms
- Acute Kidney Injury Gets New Focus
- mHealth Tackles Readmissions
- Transforming Cancer Care