HITECH requires health-care organizations to notify the Department of Health and Human Services (HHS) and the media when a breach involves 500 people or more. This notification is thought to be a deterrent against violating this act.
But there is a loophole in the final version. A health-care organization can determine after whether any breach actually harmed anyone. If not and there is no potential for harm, there is no disclose is required.
Will this mean that disclosures are few and far between? We will have to wait and see when it goes into effect this fall. [full story]
But there is a loophole in the final version. A health-care organization can determine after whether any breach actually harmed anyone. If not and there is no potential for harm, there is no disclose is required.
Will this mean that disclosures are few and far between? We will have to wait and see when it goes into effect this fall. [full story]
Labels: disclosure rule, healthcare, HITECH
