Guest Blogger: Jan McDavid is General Counsel and Compliance Officer at HealthPort, a Release of Information and Audit Management Technology company. You can read more of Jan’s posts on the HealthPort blog.
The following is a 4 part series of blog posts on the HIPAA Breach Notification Rules.
It is widely expected that Health and Human Service (HHS) final disclosure rules will mandate notification be done in every case. Should this occur as predicted, additional patient education will be needed to avoid the concerns mentioned above.
Further complicating matters is the fact that hospitals must adhere to HHS rules AND those at the state level. State laws in some cases are more onerous than federal laws and they continue to morph. Just trying to stay on top of all the changes may be reason enough to disclose every instance of breached information. Whether it contains protected health information (PHI) or not, some states require patient notification in every instance of the inadvertent release of certain i.d. information.
In next week’s post, we’ll cover whether small breaches are still reportable.