Providers And Privacy Groups Confused Over Tentative Security Definition

Center for Public Integrity: Tentative Security Definition Confuses Health Care Providers, Privacy Groups
Doctors, hospitals and insurance companies using electronic health records are required by law to report security breaches to patients and the government, but only after they have done their own risk assessment to determine whether the breaches posed "significant harm" to patients. This standard, established as a temporary regulation by the Department of Health and Human Services' Office for Civil Rights, came under sharp criticism from Congress and privacy advocates when it was released Aug. 24, 2009. The term "significant harm" is subjective, they say, and skirts adequate transparency on the side of the health industry (Leonard, 6/29).

This is part of the KHN Morning Briefing, a summary of health policy coverage from major news organizations.