With No Harm Threshold, Nearly All Breaches Substantiated in CA
"Some things we do out of an abundance of caution, because there's really little or no downside to doing so," Drummond adds. "Here, there really is a potential downside for giving warnings that aren't really necessary."
However, Drummond said he would not be surprised if the harm threshold were eliminated because Congress did not intend for it to be included in the final breach notification structure.
According to the interim final rule, covered entities and their BAs will perform a risk assessment to determine if there is significant risk of harm to the individual whose PHI was inappropriately dispensed into the wrong hands.
According to the interim final rule, the important questions are:
- In whose hands did the PHI land?
- Can the information disclosed cause "significant risk of financial, reputational, or other harm to the individual"?
- Was mitigation possible? For example, can you obtain forensic proof that a stolen laptop computer's data was not accessed?
When asked this week by HealthLeaders Media if it were considering removing the harm threshold, OCR deferred to its earlier statement posted on its website.
"This is a complex issue, and the administration is committed to ensuring that individuals' health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur," OCR said of its reason to further review the breach notification final rule.
California, meanwhile, continues to operate without a harm threshold and as of May 31, the state has been able to investigate 51.8 percent of the cases reported.
- Few Winners Among MSSP Participants
- Technology Lights Up Health Innovation Forum
- Anthem Blue Cross, 7 CA Health Systems Create New Challenger, Business Model
- Data Points to Boom in Private HIX
- NCQA Releases Annual Health Plan Rankings
- How much does that x-ray cost? You can find out in NH
- EHR Systems 'Immature, Costly,' AMA Says
- When a hospital closes
- Administration: 7.3M now enrolled in Obamacare
- US health system among least efficient before Obamacare