Feedback Form
Join, Follow & Connect
Join Modern Healthcare's LinkedIn group Follow Modern Healthcare on Twitter Join Modern Healthcare's Facebook group Join Modern Healthcare's Flickr group Get a Modern Healthcare news feed
 
 
Comment Buy Reprints Print Article Share on LinkedIn Share on Facebook Share on Twitter Email this page to a colleague
Healthcare Business News
 

AHA stands by harm clause in breach notification rule


By Joe Carlson
Posted: October 28, 2009 - 11:00 am ET
Tags:

Contrary to assertions from its critics, the American Hospital Association says that the law requiring hospitals to notify patients of breaches of their confidential health information does allow hospitals to gauge the level of potential harm to patients before deciding whether to send out notices.

Consumer Watchdog, a Washington consumer advocacy group, says such an interpretation of the law is flawed and too permissive for hospitals that allow patient information to be breached. The debate comes in response to HHS' 32-page proposed interpretation of Congress' breach notification provisions contained in the American Recovery and Reinvestment Act of 2009.

In comments to an HHS rulemaking board, Consumer Watchdog said the law was being watered-down by allowing hospitals to internally assess how much risk of actual harm such breaches pose to patients before deciding whether to notify them. The Coalition for Patient Privacy sided with the watchdog group in an Oct. 23 letter to HHS.

“We are dismayed and disappointed with the (interim final rule), particularly with the inclusion of a ‘harm standard.' HHS went far beyond the intent of Congress. This is a real blow to accountability and transparency,” said Ashley Katz, executive director of Patient Privacy Rights, the organization that leads the coalition.

However, AHA Executive Vice President Richard Pollack told the federal rulemaking board in a six-page Oct. 23 letter that Congress' law does indeed allow hospitals to perform a risk analysis, as evidenced by the statutory definition of breach as “the unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information.”

“This language,” Pollack wrote, “contemplates the need for some determination of whether there is a risk of harm. … An acquisition, access, use or disclosure that does not compromise the security or privacy of the information is not a breach.”

The hospital association says notifying patients of every slight breach committed by hospitals, physicians and other “covered entities” and contractors would be an onerous administrative burden for hospitals that could also serve to confuse patients receiving “countless notices of breaches” that do not pose harm.

Please take our Health IT Strategist reader poll on this topic.
Advertisement | View Media Kit
 

Search ModernHealthcare.com:

Daily Dose MH Alert MH AM HITS Modern Physician Most Requested Advance Notice
LinkedIn Amazon Kindle Twitter Facebook Flickr News Feeds
Modern Healthcare is part of Crain Communications, Inc., one of the largest privately owned business publishers in the U.S., with more than 27 leading business, trade and consumer publications and related websites in North America, Europe and Asia. For more information, visit Crain.com
Advertising Age
Automobilwoche
Automotive News
Automotive News Europe
Autoweek
BtoB
 Business Insurance
Crain's Chicago Business
Crain's Cleveland Business
Crain's Detroit Business
Crain's New York Business
Creativity
 European Plastics News
European Rubber Journal
InvestmentNews
Media Business
Modern Physician
Pensions & Investments
 Plastics News
Plastics News China
Plastics & Rubber Weekly
Rubber & Plastics News
shopautoweek.com
Staffing Industry Analysts
 TelevisionWeek
Tire Business
Urethanes Technology International
Waste & Recycling News
Workforce