Tag Archives for: "Privacy officer"

The Newest Standard for Notifying Patients of a PHI Breach

Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective.  If, for instance, a computer with PHI  of 3000+ patients was stolen from a small practice, it was the responsibility of the practice’s Privacy Officer to assess whether the theft was likely to result in harm to any patient’s reputation or bank account. If the answer was “yes,” then the breach had to be reported and the patients notified. The trouble with that standard […]

Read more »

HIPAA Risk Assessment: Lessons from General Motors

For healthcare providers who’ve been putting off doing a risk assessment and developing a mitigation plan, Mary Barra, the CEO of General Motors, could make a compelling case against that kind of procrastination. If ten years earlier GM had identified the ignition switch in last year’s headlines as a potentially deadly defect and taken steps then to fix it, it could have saved at least 13 lives, prevented the company from having to pay $35 million in government fines and untold millions more from civil lawsuits, made the recall of 2.6 million vehicles unnecessary, and spared the CEO from having […]

Read more »