Experts guide HIMSS attendees through the privacy maze
At a HIMSS11 workshop held Sunday, HIMSS Privacy Director Lisa Gallagher and other experts tried to set the record straight on the federal breach notification rules.
The Department of Health and Human Services (HHS) withdrew a final breach notification rule last July, for reasons that are not known to the public, Gallagher said. There is no projected date for when the final rule will come out, but in the meantime, privacy officers need to keep in mind that the interim rule is still in effect. “There has been a lot of confusion in the industry about that,” she said.
According to Gallagher, the interim final breach notification rule requires providers to notify all individuals who have been affected by a breach within 60 days. If more than 500 individuals have been affected, the organization must notify a major media outlet and report the breach to HHS.
Providers should keep in mind that more than 75 percent of breaches are the result of the loss of a portable device, Gallagher said. Requests for portable devices from staff are an area that should be taken very seriously, she said.
Privacy officers are also grappling with HITECH’s meaningful use requirements. For meaningful use Stage 1, there is only one requirement, Gallagher said. Organizations must have an ongoing risk management plan, and they must attest to that formally to the federal government.
The Office of the National Coordinator for Health Information Technology is currently taking comments on a draft of measures required for Stages 2 and 3, which currently contain no privacy requirements. This does not mean there will be no privacy requirements in those stages, Gallagher said.
Industry privacy experts are eagerly awaiting regulations from the Office for Civil Rights (OCR), which is mandated under HITECH to enforce patient privacy. OCR audits are a dreaded concern to most providers, who want to know more about what to expect, she said. A Notice of Proposed Rulemaking is expected from OCR next month, Gallagher said. “Please take a look at it,” she told attendees. “It will have a huge impact on your organization.”