With No Harm Threshold, Nearly All Breaches Substantiated in CA
"Some things we do out of an abundance of caution, because there's really little or no downside to doing so," Drummond adds. "Here, there really is a potential downside for giving warnings that aren't really necessary."
However, Drummond said he would not be surprised if the harm threshold were eliminated because Congress did not intend for it to be included in the final breach notification structure.
According to the interim final rule, covered entities and their BAs will perform a risk assessment to determine if there is significant risk of harm to the individual whose PHI was inappropriately dispensed into the wrong hands.
According to the interim final rule, the important questions are:
- In whose hands did the PHI land?
- Can the information disclosed cause "significant risk of financial, reputational, or other harm to the individual"?
- Was mitigation possible? For example, can you obtain forensic proof that a stolen laptop computer's data was not accessed?
When asked this week by HealthLeaders Media if it were considering removing the harm threshold, OCR deferred to its earlier statement posted on its website.
"This is a complex issue, and the administration is committed to ensuring that individuals' health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur," OCR said of its reason to further review the breach notification final rule.
California, meanwhile, continues to operate without a harm threshold and as of May 31, the state has been able to investigate 51.8 percent of the cases reported.
- Federal Appeals Court Mulls Observation Status
- How One Health System Saved $3.5M in Benefits Costs
- How the Military's EHR Reboot Will Impact Interoperability
- HCA to Acquire CareNow Urgent Care Centers
- BCBS Tries New Drug Contracting Model
- 'Leadership Gap' Threatens MU Momentum, Says AMA
- Abington Health, Jefferson Health Plan '100% Equal' Merger
- Dental Board Case Before SCOTUS Has Far-Reaching Implications
- Ballot Initiative Pits Providers Against Payers in SD
- The Case for Recycling Surgical Supplies