Health Information Management

HIPAA harm threshold works, say providers

HIM-HIPAA Insider, February 15, 2010

HHS’ “harm threshold” standard in its interim final rule on breach notification will prevent healthcare organizations from overwhelming patients with unnecessary breach notification responses, according to providers who work with privacy and security.

At the 18th annual National HIPAA Summit February 5, Judi Hofman, CAP, CHP, CHSS, privacy/information security officer for Cascade Healthcare Community at St. Charles Medical Center in Bend, OR, and Debbie Mikels, corporate manager, confidentiality for Partners Healthcare System in Boston, said the provision published in the August 24 Federal Register gives covered entities the power to prevent unnecessary notifications.

“If you flood your patients with huge (breach) concerns, you’re going to open up a floodgate of problems in your organization where you really may not have had a risk to start with,” Hofman said.

The panelists at the three-day seminar at the Wardman Park Hotel in Washington, DC, responded to a question from an attendee on the controversial harm threshold after their presentation, “HIPAA Privacy and Security Compliance Professional Roundtable: Advanced Issues in HIPAA Compliance.”

HHS says in the interim final rule that many commenters on its draft guidance released in April suggested that HHS add a “harm threshold such that an unauthorized use or disclosure of [PHI] is considered a breach only if the use or disclosure poses some harm to the individual.”

Now, covered entities and their BAs will perform a risk assessment to determine if the individual whose PHI was inappropriately dispensed into the wrong hands faces a significant risk of harm.

Read the full story on HIPAA Update.

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular