Proposed HIPAA harm threshold may provide balance

…The provision published August 24th in the Federal Register gives covered entities to prevent unnecessary breach notifications….

…“If you flood your patients with huge concerns, you’re going to open up a floodgate of problems in your organization where you really may not have had a risk to start with,” …

…HHS says in the interim final rule that many commenters on its draft guidance in April suggested that HHS add a “harm threshold such that an unauthorized use or disclosure of [PHI] is considered a breach only if the use or disclosure poses some harm to the individual.”…

  • In whose hands did the PHI land?
  • Can the information disclosed cause “significant risk of financial, reputational, or other harm to the individual”?
  • Was mitigation possible? For example, can you obtain forensic proof that a stolen laptop computer’s data was not accessed?

Health Leaders: HIPAA Harm Threshold Works, Say Providers
