Advising Clients During a Big Health Care Data Breach
Lisa Pierce Reisz, a partner in the Vorys Columbus office and a member of the health care group, authored an article for Communications Professional Resources Online (CommPRO.biz). In the article, she provides an overview of the information that public relations professionals need to know about the latest HIPAA breach notification rules, which become law in September 2013.
The article states:
“Covered entities that experience a breach affecting more than 500 residents of a state or jurisdiction are, in addition to notifying the affected individuals, required to provide notice to prominent media outlets serving the state or jurisdiction. The announcement can be made in the form of a press release to appropriate media outlets serving the affected area. Like individual notices, this media notification must be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and must include the same information required for the individual notice.
In addition to notifying affected individuals and the media, covered entities must also notify the Secretary of U.S. Department of Health and Human Services (HHS) of breaches of unsecured protected health information without unreasonable delay and in no case later than 60 days following a breach. To add insult to injury, the HITECH Act also requires HHS to post a list of breaches of unsecured protected health information affecting 500 or more individuals on its website. This is the infamous HHS “Wall of Shame.” And, once an entity ends up on this website, there is no getting off. The entity is forever on the list of HIPAA’s big data breaches.”
To read the entire article, visit CommPRO.biz.