[ Monday, December 14, 2009 ]
Got paper? Paper-based data breaches on the rise.
Which raises 2 issues. First, the new HITECH data breach reporting rules only apply to "unsecured" data, so a breach of "secured" data need not be reported. Unfortunately, with paper records, the only way to "secure" is to "destroy," making the records useless to both intended and unintended users. So if there's a paper record data breach, it's reportable. Second, most states followed the lead of California and adopted state data breach notification laws (focusing on personal or financial information, which usually includes health information but not exclusively), but in many of those states (Texas, for example), the data breach law specifically addresses computerized records. There are often other state laws that require careful handling of records that contain personal information (i.e., shredding before dumpstering), but many breach notification laws only address electronic or computerized information.
Jeff [8:56 AM]
Blogger: HIPAA Blog - Edit your Template