Identity Theft Solution
Healthcare Debate Gets into Data Breach Provisions
07 Oct
Posted by: Admin in: Identity Theft Articles
There appears to be some level of controversy that has been stirred up in a less followed area of the healthcare debate than single payer, that associated with the privacy of health information. The Department of Health and Human Services just released its rules for healthcare organizations to follow the data breach notification provisions of the HITECH Act.
In the rules, they have established a “harm threshold” which is self-assessed by the healthcare organization, and directed that in the case of a data breach incident, that notification of the individuals, the public and their agency ONLY needs to occur if they have determined that their is significant risk of financial, reputational or other harm to those affected by the data loss.
This past week, the House Committee on Energy and Commerce voiced concern over the addition of this provision. They indicated that it was not the intent of the legislation to provide for notification in the case of a data breach incident only in cases where harm can be proved, but rather for all data breach incidents. Presumably to act as a deterrent to organizations with lax practices, as well as to ensure that individuals can practice due care, even in cases where there may be little chance of real harm.
Network World reported in their article titled “House members seek stronger health care data breach notifications, ‘Harm threshold’ runs counter to Congress’ intent” that:
“In a letter dated Oct. 1, members of the House committee asked HHS Secretary Kathleen Sebelius to revise or repeal the new provision at the ’soonest appropriate opportunity’. The letter, signed by the chairman of the committee, Rep. Henry Waxman (D-Calif.) and others, noted that the new harm threshold provision runs counter to Congress’ intent in passing the breach notification bill. The bill’s statutory language does not imply a harm standard, Waxman wrote. In fact, in drafting the bill, Congress had explicitly rejected the idea of including such a provision because of the ‘breadth of discretion’ it would have given a breached entity, the letter said.”
It is terrific to see Congress trying to do the right thing, when it comes to the privacy of protected health information (PHI). I’m hopeful that HHS will see the wisdom in revising their rules for the benefit of all of us that rely on the American healthcare system.
Similar Posts:
- Identity Theft, Data Breaches and Non-Compliance with Government Regulations is a Growing Epidemic in Healthcare
- HITECH Act Breach Notification Deadlines Are Here
- Confusing and Ineffective Data Breach Regulations Cause Problems for Both Businesses and Consumers
- Red Flag Rules delayed … yes, again
- Express Script hackers update: 1,700 added to victim list
Search
Popular Posts
- 10 Unbelievable Yet True Identity Theft Stories
- Almost 100 people charged in US and Eygiptian ID Theft Ring
- 10 Unbelievable Yet True Identity Theft Stories
- Microsoft Live ID Phishing Illustrates the Dangers of Federated Identity
- Child ID theft detection and protection
- LifeLock reviews: My firsthand account
- Change your Passwords- Accounts Compromised and Good Practice
- How To Prevent Identity Theft Online
Leave a reply