WEDI offers breach notification guidance

Healthcare organizations have been experiencing data breaches at record rates. To help, the Workgroup for Electronic Data Interchange (WEDI) has published guidance on required steps to take to determine if a breach of protected health information (PHI) must be reported to affected patients and the Department of Health and Human Services.

The guidance "provides a decision process that can be used to guide efforts in establishing probability and requirements for notification," according to WEDI.

This issue brief provides a decision process that can be used to guide efforts in establishing probability and requirements for notification. - See more at: http://wedi.org/knowledge-center/documents/issue-briefs/resources/2014/02/10/breach-risk-assessment-issue-brief#sthash.ngjtRQhX.dpufThis issue brief provides a decision process that can be used to guide efforts in establishing probability and requirements for notification. - See more at: http://wedi.org/knowledge-center/documents/issue-briefs/resources/2014/02/10/breach-risk-assessment-issue-brief#sthash.ngjtRQhX.dpuf

If compromised information does not include PHI or the PHI is unusable, unreadable or indecipherable to unauthorized persons through encryption or other means, the covered entity does not need to notify patients, the government and the public about the breach. There are also instances where unintentional access to PHI or inadvertent disclosure do not need to be reported because the incidents involve trusted authorized persons or the information disclosed is not retainable by the recipient.

If these exemptions don't exist, the guidance helps users through a risk assessment to determine the probability of a breach and the decision processes necessary to determine whether the breach requires notification. The guidance also includes a series of procedures to implement improvements to the security and confidentiality of PHI.

Access the guidance.

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.