Providers: Prepare Your Breach Notification Policy!

Dickinson Wright

On December 26, 2013, Adult & Pediatric Dermatology, a dermatology practice located in Massachusetts, agreed to pay a $150,000 fine for losing an unencrypted thumb drive containing over 2,000 patients’ health records and for failing to institute HITECH’s breach notification requirements in response to the loss. According to the notice on the Department of Health and Human Services’ (“HHS”) website, the practice also did not have in place the breach notification and training policies and procedures required under HITECH.

Providers must have proper breach notification and training policies and procedures in place in order to identify and mitigate risk to protected health information. Further, providers must make it a priority to secure electronic protected health information by, for example, encrypting hard drives.

Regarding the incident, “An ounce of prevention is worth a pound of cure,” said the Director of the HHS Office of Civil Rights.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Dickinson Wright
