The American Hospital Association says that the law requiring hospitals to notify patients of breaches of their confidential health information should allow hospitals to gauge the level of potential harm to patients before deciding whether to send out notices.
Groups that disagree with the AHA, such as Consumer Watchdog, say such an interpretation of the law is flawed and too permissive. The debate comes in response to HHS' 32-page proposed interpretation of Congress' breach notification provisions contained in the American Recovery and Reinvestment Act of 2009.
AHA Executive Vice President Richard Pollack told the federal rulemaking board in a six-page Oct. 23 letter that Congress intended to allow hospitals to perform a risk analysis before deciding internally whether to notify affected patients. The hospital association says notifying patients of every slight breach committed by hospitals, physicians and other “covered entities” and contractors would be an onerous administrative burden for hospitals that could also serve to confuse patients receiving “countless notices of breaches” that do not pose harm.