Providers: Prepare Your Breach Notification Policy!


On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine after it lost an unencrypted thumb drive containing over 2,000 patients’ health records and failed to institute HITECH’s breach notification requirements in response to the loss. According to the notice on the Department of Health and Human Services’ (“HHS”) website, the practice also did not have in place breach notification and training policies and procedures required under HITECH.

Providers must have proper breach notification and training policies and procedures in place in order to identify and mitigate risk to protected health information. Further, providers must make it a priority to secure electronic protected health information by, for example, encrypting hard drives.

Regarding the incident, “An ounce of prevention is worth a pound of cure,” said the Director of the HHS Office of Civil Rights.

Topics: Breach Notification Rule, Data Breach, Data Protection, HHS, HITECH, PHI

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Dickinson Wright | Attorney Advertising
