Guest Blogger: Jan McDavid is General Counsel and Compliance Officer at HealthPort, a Release of Information and Audit Management Technology company. You can read more of Jan’s posts on the HealthPort blog.
The following is a 4 part series of blog posts on the HIPAA Breach Notification Rules.
It is widely expected that Health and Human Service (HHS) final disclosure rules will mandate notification be done in every case. Should this occur as predicted, additional patient education will be needed to avoid the concerns mentioned above.
Further complicating matters is the fact that hospitals must adhere to HHS rules AND those at the state level. State laws in some cases are more onerous than federal laws and they continue to morph. Just trying to stay on top of all the changes may be reason enough to disclose every instance of breached information. Whether it contains protected health information (PHI) or not, some states require patient notification in every instance of the inadvertent release of certain i.d. information.
In next week’s post, we’ll cover whether small breaches are still reportable.
[…] next week’s post, we’ll cover the possible changes to the breach notification rules. Related ArticlesGuest Post: Current State of HIPAA Breach Notification – Notify […]
It’s absurd to think how the industry complains of measures required to safeguard patient information with only a tiny amount known/disclosed breaches and won’t openly acknowledge that a huge amount of compromise is unknown or deliberately undisclosed. Compliance is costly, obviously unenforceable, and ignored by too many…and there’s a whole lot of “catch me if you can” out there!
“Just trying to stay on top of all the changes may be reason enough to disclose every instance of breached information. Whether it contains protected health information (PHI) or not, some states require patient notification in every instance of the inadvertent release of certain i.d. information.”
– What a mess!