No harm threshold, but plenty of breach reports
HIPAA Weekly Advisor, August 30, 2010
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
California, the state that enacted a precedent-setting privacy law in 2009, fields more than 220 notifications of potential breaches from licensed facilities per month, according to numbers released last week to HIPAA Weekly Advisor by the state’s Department of Public Health (CDPH).
From January 1, 2009, when law AB 211 went into effect, through May 31, 2010, entities have reported a total of 3,766 breaches. The law requires healthcare providers to prevent unlawful access, use, or disclosure of patients’ medical information and to report violations to CDPH and the individuals affected.
The CDPH, which enforces the law, is notified of more than seven breaches each day. While California law calls for licensed entities to report any and all potential breaches, federal regulation currently allows providers a backdoor out.
In the HITECH interim final rule on breach notification, providers through the “harm threshold” provision may conduct a risk assessment to see if the potential breach causes a significant risk of financial, reputational or other harm to the patient.
If it doesn’t, no notification is required.
Read the full story on HIPAA Update.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched