The Security Scrutinizer with Howard Anderson

Breach Notification Advice Offered

Breach Notification Advice Offered

The site now features an updated version of a risk assessment tool to help hospitals, clinics, insurers and other covered entities determine whether to report a breach incident to comply with the HITECH Act's breach notification rule.

The tool includes an extremely detailed, step-by-step checklist to help organizations determine if a breach poses a "significant risk." And that's helpful, given that federal regulators are largely leaving it up to healthcare organizations to determine if the risk involved merits notification.

The tool includes an extremely detailed, step-by-step checklist to help organizations determine if a breach poses a significant risk. 

The breach rule's "harm threshold" provision has proven controversial, with some privacy advocates arguing that it gives healthcare organizations far too much latitude in choosing what breaches to report.

To prepare for the task of measuring the risk posed by a breach, healthcare organizations must "create a well-defined risk analysis process," says Tom Walsh, president of Tom Walsh Consulting LLC, an Overland Park, Kan.-based firm specializing in healthcare data security issues. "Now is the time to get that done."

The alliance's updated risk assessment tool will come in handy for this effort. The group also offers reports offering guidance on writing business associate agreements, managing information on portable devices and other timely topics.

The not-for-profit consortium, designed first and foremost to help North Carolina healthcare organizations adopt I.T., deserves credit for offering advice of value to facilities from coast to coast.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.