HHS Withdraws Breach Notification Rule | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

HHS Withdraws Breach Notification Rule

August 2, 2010
by David Raths
| Reprints

Health data privacy groups are applauding the fact that the Department of Health and Human Services has withdrawn the Final Rule for Breach Notification for Unsecured Protected Health Information for further study.

HHS received lots of public comment about the “harm standard” in its proposed rule, yet the final rule did not reflect those concerns. The harm standard stated that a breach does not occur unless the access, use or disclosure poses “a significant risk of financial, reputational, or other harm to an individual.”

In the event of a breach, the rule required HIPAA-covered entities to perform a risk assessment to determine if the harm standard is met. If they decided that the risk of harm to the individual is not significant, the health providers were not required to tell patients that their health information was breached.

Privacy groups likened that setup to the fox guarding the henhouse.

In announcing it would withdraw the final breach rule to allow for further consideration, HHS said, “This is a complex issue and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur.”

A group called the Coalition for Patient Privacy put out a release congratulating HHS for seeing the flaws in the rule.

“This is a huge step in the right direction,” it said. “Congress, the Coalition for Patient Privacy, and patients everywhere spoke out against the blatant disregard for patients' rights to be notified of all breaches.”

In a reminder of what is at stake, the Philadelphia Inquirer reported July 30 that Thomas Jefferson University Hospital in Philadelphia told 21,000 of its patients that a laptop computer with unencrypted health and personal information was stolen in June. More than 120 breaches have been reported to HHS since last September. Scot Silverstein, M.D., a medical informatics professor at Drexel University, told the Inquirer that “there is almost no excuse for unencrypted data to be sitting on any computer at a hospital or any organization.”

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More



Epic Wins Labor Dispute in Closely Divided Supreme Court Decision

Epic Systems Corporation won a major labor-law ruling in the Supreme Court on Monday, centering around the extent of corporations’ right to force employees to sign arbitration agreements, and with a 5-4 ruling in its favor

Survey: Two-Thirds of Physician Practices Seeking Out Value-Based Care Consulting Firms

Most physician organizations are not prepared for the move to value-based care, and 95 percent CIOs of group practices and large clinics state they do not have the information technology or staff in-house needed to transform value-based care end-to-end, according to a recent Black Book Market Research.

Cumberland Consulting Buys LinkEHR, Provider of Epic Help Desk Services

Cumberland Consulting Group, a healthcare consulting and services firm, has acquired LinkEHR, which provides remote application support, including Epic help desk services.

Population Health Tool that Provides City-Level Data Expands to 500 Cities

A data visualization tool that helps city officials understand the health status of their population, called the City Health Dashboard, has now expanded to 500 of the largest cities in the U.S., enabling local leaders to identify and take action around the most pressing health needs in their cities and communities.

Trump will Nominate Acting VA Secretary Wilkie for Permanent Position

Just a day after the Department of Veterans Affairs (VA) and Cerner inked their $10 billion EHR (electronic health record) deal, President Trump said he would be nominating Acting VA Secretary Robert Wilkie for the permanent position.

ONC Names API Server Showdown Stage 2 Winner

The Office of the National Coordinator for Health Information Technology (ONC) has named 1UpHealth as the Stage 2 winner of the “Secure API Server Showdown” challenge.