[ Thursday, July 09, 2015 ]


Breach Notification: Great article on when to report a data breach, and why over-reporting can be as bad as under-reporting.  Be honest and legit in your breach risk analysis, but be fair to yourself as well.  And be prepared: if you report something, you're likely to have to "open the kimono" to OCR.  If your HIPAA activities have not been up to par, be ready for some harsh scrutiny.

Big takeaway: Do your risk analysis.  Maybe it wouldn't have stopped the breach, but you can't prove that, so the excuse won't fly.  When was the last time you did a formal risk analysis?  Idaho State paid $400,000 because it hadn't done one in several years.

Jeff [12:36 PM]

