A breach notification loop-hole for HIPAA covered entities

0  comments

According to the National Conference for State Legislatures (NCSL) website, there are currently forty-seven states with breach notification laws. For the most part the laws are fairly similar in that they require organizations to notify individuals when their Personally Identifiable Information (PII) has been compromised. Many also include exemptions for organizations that are already covered by the breach notification requires of GLBA and/or HIPAA. On the surface preventing an overlap of federal and state breach notification laws seems logical, but in reality, this provides a gap in legal protections for some individuals’ privacy. This gap is created by the difference in the type of data that each law covers.  HIPAA and the associated Breach Notification requirements only cover Personal Health Information (PHI), and not generic PII. As mentioned before, because many state breach laws exempt HIPAA covered entities entirely they are not required to notify individuals if their PII has been compromised. One group that this could affect is the organization’s employees and contractors, whose personal information is typically stored in payroll and HR systems. While we would hope that most, if not all, organizations confronted with this type of issue would still do the right thing by providing notifications, I would guess there may be a few that would decide to take the easy way.

 

 

Disclaimer

The materials available at this web site are for informational purposes only and not for the purpose of providing legal advice. You should contact your attorney to obtain advice with respect to any particular issue or problem.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

You may also like:

Dedicated Vs. Non-Dedicated HIPAA Security Officer
What is a Dedicated and Non-Dedicated HIPAA Security Officer?
What are the primary responsibilities of a HIPAA Security Officer?
What is a HIPAA Security Officer?

Subscribe now to get the latest updates!

>