[ Wednesday, March 24, 2010 ]


Interesting: I previously posted about the page on the OCR website where they list everyone who reported a data breach involving 500 or more people in a single jurisdiction. I noted in an update that not everyone is happy with the level of detail, mainly where they don't identify certain reporting entities. Well, OCR has now said that it will only identify the reporting entity if the reporting entity gives its consent to the disclosure. As noted here, HITECH requires HHS to publish "a list that identifies each covered entity" reporting a breach. Should HHS name names?

hat tip: Theresa Defino

Jeff [11:19 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template