Breach notification regulations take effect, HIPAA-covered entities to notify affected individuals if PHI is breached

Today, breach notification regulations take effect under the HITECH Act. HIPAA-covered entities, including healthcare providers and business associates, are now required to notify affected individuals, the Secretary of Health and Human Services and sometimes the media, if a patient's unsecured protected health information (PHI) is breached. With these new rules in place and healthcare breaches accounting for over 66 percent of all records breached this year (according to the Identity Theft Resource Center), ID Experts, the leader in data breach remediation, recommends that organizations evaluate their readiness and existing safeguards and put an incident response plan in place now. To help them get started immediately, ID Experts is offering a complimentary tool called Breach HealthCheck(TM), which helps organizations establish a Breach HealthCheck Index to evaluate whether their existing protections of sensitive patient information are adequate given their business exposure to data breach.

Breach HealthCheck

Breach HealthCheck is available free of charge for a limited time to organizations that are subject to the new HITECH rules, by calling 1-866-726-4271 or by emailing [email protected]. The patent-pending tool, now available in an online version, is designed to measure an organization's business exposure and protection level. Using a mathematical model, Breach HealthCheck produces an index that measures an organization's business risk, preparedness and protection against the growing threat of breach incidents, so that organizations can take action.

"Patients trust healthcare organizations with their lives and they need to be able to trust them with their personal health information," said Bob Gregg, CEO of ID Experts. "Developing a comprehensive incident response plan has become a best practice for healthcare organizations. It is critical in managing the security of their organization and the privacy of their patients."

Breach Incident Response Plan

The Department of Health and Human Services will begin to impose strict penalties and increased fines for violations when the breach notification rule is enforced in February 2010; however, healthcare organizations need to be in compliance with the new rules as of today. Companies need to work quickly to put an incident response plan in place to ensure they are prepared in the event of a data breach. Breach risks can be minimized by executing a well-planned response at every stage of the data breach life cycle. ID Experts' Incident Response Plan supports organizations and their legal resources through the HHS-required post-incident risk assessment, which determines whether the level of harm incurred is considered a breach and requires notification. Additionally, the Incident Response Plan outlines the notification process and the HHS logging and reporting of breaches. With the ID Experts' Incident Response Plan, organizations can streamline their data breach response; avoid or minimize damage to individuals; meet industry and regulatory requirements; and avoid or minimize risk of similar breaches in the future.

"Compliance is becoming more complex. The HITECH Act and HHS/FTC Rules make data breach assessment and notification more challenging," said Tanya L. Forsheit, Esq., CIPP, Member, InfoSecCompliance LLC. "Now is the time for organizations to take the extra step of putting together an incident response plan to ensure follow-through compliance with the new regulations."

Source: http://www.idexpertscorp.com
