[ Tuesday, July 27, 2010 ]
New Data Breach Tool: HITECH now requires HIPAA-covered entities and business associates to provide notice to affected parties in the event of data breaches involving unsecured PHI, but not for breaches where there's not a substantial risk of harm. How do you determine whether an incident rises to the level of a breach, or whether a breach carries a risk of harm substantial enough to require notification?
IDExperts has a tool, called RADAR (Risk Assessment Documentation And Reporting) that helps covered entities and business associates track and analyze breaches to determine whether notification is required.
Jeff [12:07 PM]
http://www.blogger.com/template-edit.g?blogID=3380636
Blogger: HIPAA Blog - Edit your Template