|
|
|
Lawmakers Urge Lower Bar for Health IT Data Breach Notification
By: Roy Mark
2009-10-02
Article Rating: / 4
There are 7 user comments on this Health Care IT story.
Chairmen of the House Energy and Commerce Committee and the Ways and Means Committee remind Health and Human Services Secretary Kathleen Sebelius that Congress considered and rejected the very rules that now trigger a health IT data breach notification.Two key chairmen of U.S. House committees Oct. 1 urged Health and Human Services Secretary Kathleen Sebelius to revise or appeal the agency's controversial "harm standard" that would trigger a personal health record data breach notification.
Under the current rules, for companies that secure health information using encryption or destruction, no breach notification is necessary. For those companies that don't use encryption/destruction to protect the health data of individuals, notification isn't necessary if the breach doesn't rise to the harm standard established in the rules.
According to HHS' harm standard, a data breach does not occur unless the access, use or disclosure poses a "significant risk of financial, reputational or other harm to individual." Covered entities that suffer a data breach are required to perform a risk assessment to determine if the harm standard is met. If the entity decides the harm to an individual is not significant, no notification is required.
"This is not consistent with the Congressional intent," Rep. Henry Waxman, D-Calif., chairman of the Energy and Commerce Committee, and Rep. Charles Rangel, D-N.Y., chairman of the Committee on Ways, wrote to Sebelius.
Waxman and Rangel pointed out the ARRA (American Recovery and Reinvestment Act of 2009) requires health entities to notify individuals if there is an "unauthorized acquisition, access, use or disclosure of protected health information which compromises the security or privacy of such information." In the HHS interim final rules, "compromises" is determined by the harm standard.
"ARRA's statutory language does not imply a harm standard," the lawmakers wrote. "Committee members specifically considered and rejected such a standard due to concerns over the breadth of discretion that would be given breaching entities, particularly with regard to determining something as substantive as harm from the releases of sensitive and personal health information."
Like retailers before them, the health care industry has resisted data breach notifications and has latched upon harm standards to avoid broader notifications. HHS said it included a harm standard in its rules to avoid patients receiving unnecessary breach notices that could cause undue panic.
"Members reported and passed legislation that has a black and white standard for notification with a safe harbor for information that is rendered unusable, unreadable or indecipherable to unauthorized individuals," the letter states. "Such transparency allows the consumer to judge the quality of a health care entity's privacy protection based on how many breaches occur, enabling them to choose entities with better privacy practices."
The rules are being implemented as part of the HITECH (Health Information Technology for Economic and Clinical Health) Act, which, in turn, was part of ARRA passed earlier this year by Congress.
| | Reader Comments: Lawmakers Urge Lower Bar for Health IT Data Breach Notification | | >>> Post your comment now!
| | Link to the letter?Thank you for your continuing coverage of this important story. I have two questions, one quick, one less so:
First, do you have a link to the... Posted At: 10-05-09
By: Adam Shostack | | | | | | TitleeWeek should avoid the lower/higher issue and go with a clearer title altogether:
"Lawmakers Urge Repeal of Harm Standard for Health IT Data... Posted At: 10-05-09
By: Zurn | | | | | | Incorrect title - please changePlease re-read the letter. The title of your article is incorrect. "Set a high bar" in the Waxman/Rangel letter means that healthcare organizations... Posted At: 10-03-09
By: AZ | | | | | | A user comment on this articlethe headline is correct. they want MORE notification, thus it would be a LOWER bar, not higher. Posted At: 10-02-09
By: Anonymous | | | | | | Title of articleThe title of the article should be "Lawmakers urge higher bar for healthcare breach notification." Posted At: 10-02-09
By: Anonymous | | | | | | big pictureHITECH will motivate healthcare entities to maintain robust... Posted At: 10-02-09
By: benwright | | | | | | A user comment on this articleThe Center for Democracy & Technology wrote an article on how the new HHS harm standard for breach notification undermines patient privacy and the... Posted At: 10-02-09
By: HLGCDT | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������x}kw6�DىCo�ْmMlc9{"!1EjHʏΟ_?q��%m'm�P�
UBPއ�$\i9crsk�|jxޢ�>w}�!$?Xf0TEK�]Ϥ^=Am۟�@gimzΠN@\��~m@^c?³H,Ad-FF5��%�j'A]k|c{F}_2z5o0�f��E1;F��I�_MM9�J��D=�ڥ���E!mG$oQ}:[S�f�ANǩ-�}a�>$E%UUlE�hDԸ!|x\'gώ>г{WPb7��Ҵ?��wS!+6�29z+Po
+/
@Z��#\DȁYRh�-7dc7l#2�5AR
Z@[�;4��DOmCc`pm׃)�TQ5#}j�ݳt#ԳFu|ף&Y�.&�$f��6?ĵ�R�I&��qO-%z^y�z�<͠�E[g0歭_Ϫ|��uns<$s~7 r�d��1KU
6� �c p==\'�xtTa[�eY7;�Ͱ-.@6#M-jZUQ
b�kGϢCrL-ghT;ΨowUMSes~#���mݹ��ඔ켮k��Cq9}rԾ ��
��A:�W�YJL~#/@DR�˅4ID>��-āVP� u/jzRҏjF-_ ԊhGZAAr��Ija�̳|�3�-i�*5$Nߒ_L-~k~>EF,[�KAT4
行Ġ�KW+�eP=mݾ\rvZ�9ސVSCR=BCjBӹc�iqeUϯ~�6O|��6�l
U��u�ô|WVK5IC{|&�J]<蜐$˷�Yn[���`H�Bi۲ܾʑ\�y���aXXذ�6�,%��iJ@{d$e��$�=hI,E]!fdLK$o�#���if\�B(��PHQ��~�*nlN}yp|�6wܬ,�U$*ԴX߹-~ӢKsqiH{ekaYbyƺƻ���EHY7-6I0�QN}{Qk�H r�GE(T跰�\i��2ud8��İ�)5>�'5d}4>�AGA�ticš�4έ@7&��hC:}ҍ�L �~��ݣPo]=&unYž�*LRVi5PC
u�|h *>v\�l�8d
()s�yp;L-)σ�5[Ѽ[:��?`= 0. Zm���88ʬ��E��1O!�[>=�hMAJeC���97(3@x;?�+1
��%@F�HD�4�"BQF��
�T� * gscX"K@#'O@@17;�B/VKŤ�\*y"�Jm'8.ܱ;PKR�x&,�S,ЂW-KKBAfsf(4{~4�cbB$|#'"�Xr`Y
�\+|�^)l
V.hiȨ�s�0�=cWV+*Z
�ңF +<�dSܷ�rH�y:un�s94wa OwH�Jza-�>9=�Y��->MG�{��D�&�j�7O�j�7ab< #>ZHl~re�l�ٜI8S�A�0:A̾P��,|5lwnkr�8Y螹�Gc�NEiKJNo7�O)Hj�`>JgYA�3�G|@]4>╋zV*H(A0�0��ѿY6YBbOX���r+sF3UʜWRVY'e|)�WNY�Vc$] V6_2}�=�˧��L)ESr������w�es貝Fi�_f]ZЬ+�k�m�H^ƠT:�/
B]+��
�2%S�0Jw�ƗjZ"b b7{\X1,#
t,>E4~N/a+)WK�v7p�l}F�5}�&=f/U�OLXV<[)ZHjjXL;6٠�b�eQ7NVRRy=�:z'�Ѓڠ���r;�6O\?��: �8{{4!%6D;~�'hV���،
Mڊ01@�/��ŵa�a��:4c*tҝŅebiQ;m/)US_HZQ6Oom��V P\0pD30ڠ,e?C&]�1�=�ɰ\R
�)1V�D�ȸau-CaPEV�VőG@�q?@*:2
XY 0��(hE}耰�⢉�#H�+����4kpí225\ZS*ٝe'(Rv�p�>mQ�I�f0 �l"
?ŤX
�TkQsGŵ5��
φS�FL1�F^@�UR�T~m;:�z/Β.EՌLtPȐ�hN{�WlȡTh �8U_��PG*qϛ=GD�*@7Z �ɖ~oZɲ
��y>cIV ]z[�KԳиdNsl �}vr�f@�D�䛗|�(8 B�.+6,^ira;9^o@Hous1
`>��;'=��_lVa%l�wN�:"��A
ұe�/s_�wf�=]٘�i
�}SU�}Д��Re�ɢ�)6�Z�C�iB+ex.N3 f:}b;_*|92lz�
�tq6tch#*�ahhkc_u(�Eōj6�
Jx/
v\u[�-ֶ&sv�aF�6qa�?͕g7gkX> �B�k5)
0u%hrGSYq�{_/C/�$h/@^�1N�yAglJ�wѼZ8fR�q�m'YZ&Up]43Mb>�
0>2Tlɪ�+> 2*ijAR/sw@:Lpz]�zߋ
eRԧo{{k7}óf�A7W[�U�ts��EIfT.jZ��l[)Uʹ�f>"iB�q=C@!
H\}TK�(,�~W9Yo�|\V*Z�d:C�d�`| !A-a#d1~l'߾�l[D �B',U'.n\&WF@"%�y�q�o� ?xt
2˸6.�-�1{�G?J�ПBP`l�&wm� �@��1Ag�
Kf[I.36+ym??$�mSvis�O�0�int�y01�v�E��DqKKx��fqhïR!)��XrvxՒ:ͳ6?�pȾYM� $H��X���t�CfO"juΤ�^6v>����2CHv4,r�es%^>^to!#rѹjKVkQ~\#{�Rsvu£U8B*DEy�|hq\3nmG�'��L�kd�3;&7쐶C toZ�N,ruXKR!�m&۪1�>Cɢl�Gk<(�s��Gӝꖃ]LV\uyoߐ9ar܆s JAu#k|¯F�� *r{k�gO�tG/{F]Yl�Fg_
'c Ǿ~/ݺ��>-l-84�ǠC��R�#K1$�$Z^VP,*s攤CȔ�X�N�Gƽ�boڗ@Ɍ7CCf
K��=#tzo>ȥ�ֻ~?,~�O�'��w.�z@!z@qSx|}ԒH>r_&jD Np5{qJ9Nxs�,r`T�zH^أ�؈ڃ}
v�U6�u>=�=S����רO 6;x1tX��A�AXy� !VrlK9w@rq&�}����$`G-ݚ�ܭ1�WD`GHA|G˩سMs ��_5+�Z;sL+|^"�Zyfa�%8\}3�ߊ:"YcCƳd�۲&ZP|9�ߎ93{K�<�l�VSge_m�ZR| � \��F՞
�<�N�~=aɸ��hE'Ö�x�L,>_�'p�k2��[g1,r'��h2�tgԱU XZ�!�O4#�gh"f���:\Z]f4���o\pzb�/�0~z�Px)�Yh/K/M�����$>�Uc��s� 荹.Mx�cd/,��?Ȑ� '��t�Ws�v�a'-B�c$�'S~�0!Ro렳x1�Fw�.�k9YUh�ȿ�T\�@g qsÃk�&(
ɡGt��O�l+d�vT;Ђ>A�
;nb%H-xDܧdJH^VQx!-)�6]k�e�㤳jX8;�>}pg�4t����j�ڨ/1kZ��s�b�c4D�@bXgF.iG~�����!ԴߐƮ*R�KJW(�Q�sz�wnR˕Cw�/ClȈ1n%eN�D��DZ.a`H�~�_��c7�j&����͕�i�IXp=7'7qпƆ�_��9v�]o|w���V`&;dy�* kE �hg!?�ybqVĥ�4D#ɺP>��o�7F Kvݍ78 �X++F\{N9.t�]4W;Uho?�G8K[nŅKpf�$e
&:�BaD0N�-9�WG`*'^t1��&F
ǹp`%�0mg+A#AI�҂�B4�ĨW\"�Hb��H�UW�sy+��#,��rK�akjrD��-��x�$I��V./��x��ȋL,p=/p#(iLzS^z�o2sϩTh��/ZNx5ZHkژ�cΩEZE9�>%�Rk�KN�ݥt�c��
L n �d"�rI�$ΨP�_fUP*$4@i9r(*&@
6VM}YULX���L/&p]X�صkL;W��V�]4_q�=o7E(j3W5Uj=r`��7JF#�x�遹I�L�qg:�g�RI+�Tۺg?탮AE�L>:)ei-�?(vBA)bo3_w�B}CC@G��0cˡ7�}jZǾ;
5AgB�;�8Xp�qo0s{IV^Y5X$tHN7�XEڭJ]kJ@~j�$Z(�u-ubW�gX^sjO{ޞ;.,9)��xfZ-j%V㬤{0�,2;[�f�DuGw,�#Y��4 �R����k__ Cʵg㭨=-ָ�LQQ�.&;nzZ*F6#ZIikx� ůq+�S�1貍D�U<�1�1t+PjN�TL0Y�=XCE3S�/?VHUGoh݀2�QǷ�5t$rE!�i�?�/7W=�0�+sA~�C:�
�nZv*��BF(��<"m�G=7�nrn�-i`IkD���r�:�,N n#BLk43D�t�9,ǰlFLN:A�i|v��#@��
�l!�1�g昑Gi>'_1�H-scq>rS��RC¤vxܡX-n�@�<�P�t4'*��&Hz�g
{�2|���><�Rh̘TՊR
*uU��2,��-VR⼻<�>KA~g5E�r �H@+^@��3�:�}O��JS��k;w��sgrڽ!MrznM^E�,a]+��|nSs'ϧM窟kZ�|-WV/
�˙͓^�9j^28SѦΘKs!Yx�9K��xU�"
/WEL�qx*0ʖ<=�Nb�D0/ڲ�& F�Mӄccܦ jݴ{=-�[q-�,Ǜ#x[jX�+�nzf�h9��Pc=W�@s���@AC�s3hYF>B\㼳>5:th_'}h\eC;�kH�ק_��05.3�K��{Ke�~.��̠K�D�'H~��e_BeF:U^�\e�UuwAt3O�K7C\�}\g5(�sA?=/=/}~��X�c�}}OYпO��[HJ�͠[6[�Ku1�Az3Ϛpzy="9H/��R**_�~J%iFz
3YY�zvAeX^g\52ௗe}�dlڹ>鶒
q�ʕ({�^S_yڞꖽVq뭤M��n@KG{2Ph�
�+[yH�2�r hxVYd�bd�
byXe?~VP�枔u�]�CR�M�j. {%])We[M'ji��kr(s3g�g=U2�6C�"tf+}d>܃f
cr2� #GY�wT+3i˘�Јw�S;
�=��qU4s�n
\�y�[+s%>�|
CG0�%nsKkr>ub��xvY늮̌�j�7�m(!��1q}³2N�!܇�ߊD,zT
�e��HI\��=
=r|FF�?f�c���*Hy1nGg>�ؓ?�u=AݷD@�N$p� G;�RK$A^̓>(�Bcظ�j�_WxJ=
�m�~ocPts`�In6�J墦�
V˕R;~O+a>q@S�1<ˈɪ"+UW9 ط]�V++R�0�X����^;�QHJvoo�*%F0njy�=q��a��*1Vы;BDK"�ѱװ;f]�W0F
dy5�ABoT�9 ��@1�L�o r7Xpi- R�!K\f�ܹ?|NEF�?�bP!�Jؒ&VED-# '�]y2(�Y&|�f�&g �M��c�Bݣ>G�C 2�e`�;lL�oR%\"�>�oQ^\�V�N*� �X-0Yxω8�]��kQ{9Fd [-FdX�jXErX\tLsX`-yYB|sb)H��C�~Y�z�Fˡ@�O^vE��ا0.<��E7xe�@��s��7F
o-`k�0fLd~�^[�]X:��bR�zՏ�O[E�=0&J�cFo1#9�S*aсHY] �{D8�9p=`iK�Bju�;ݹ).<�Tx#0�=f
}u+6d1q몦F)\tˉ4lZ���Hn<-7н193L:�BKL/fxl�N"B�/0@OF�<#zb\Wn�BaI���YDl;.5|�|qz0qH*_{l�x$S!I/�[�w>.|�SN8��>x�8"�"HH�"s�{F�|%i;cVߞ�r���}ס a4`w,<��"{sB
s#b;MA5#>l:}r;�.n _q�Z0D1qN@>FыpO`w�BG�^v�AR�h
mb?p5V2sL��ALH\lz^UE�,
-
�)HSa8u�&� 1o�):�f*���dp��;�BI<ŗ`�-�>,R72G�Yl�,XoOD�
L[��|�IK:=��T@|�
%�.�X�"~�)f�{xQ�
(�Q\��A{;*^vlܥeN�VhJ�m;)���l2-1����&�M�ad:Σ@E!7v� �AqI_Vw�^x.2�DWݞO��/Xo}�8��-�hZqI=ʷQ$�T{OxcA{.HJ��F /ɮy�بo�@FC0!��i}.#sE�%&(Xp\gAΙjsw6E~�d
ȱH�by�J�ϳ�j�)+o[t%(�9x�{n�6�m˟�~Hױ�Q
_b[P~Y�rvJ^�Q.5�7tleb�@�J\,�� �73Tt]
<�%` GY�U`kr
�5�E6<]܈@x5ƃnߡ/J^ӳ��s݁F5'2l2;=V*Nu�e�6r)2
XGڦZMaW�~n`=y螉=��ve+{B30* A� wVǰ�>`BOsSo
30RO
+(|[P�0.�ƸrX)~F�E5rqA�ȃgz�`Z>^}�^��O!�gW�B
Y�-~.
��b'�kI���'�'�R la$r��R3 ۅET z.�3���\/4yr{ϼ�0SS2w�ī$Y?w��f@�Oȟ8ʃ}E.4��bG@T�*�z�;V?�s<^e!w$g~�Z�;yv�<;K:{�Xi*ቓoE&�?C[7xq䗳ǫ�f(j�"ON`��Xfչ:Kf{z
Cɕ/-F#x�o*@�PٚYf]Z%Nb�i|�ۊ�=iQf8&rYKjJZ>۽��΄^8�%ܖuJPU&s.#�Uԗ�W_)M�S9�/kE�s+&l��R2c{͵N_tl?�7,,��
|
Health Care IT 
