Ah, the HIPAA Irony
In an interesting twist, the regulation that was designed to protect patients' sensitive information has forced the identification of medical practices that experience privacy breaches.
In an interesting twist, the regulation that was designed to protect patients' sensitive information has forced the identification of medical practices that experience privacy breaches.
HealthLeaders Media reports that the Office of Civil Rights, which manages and enforces the Health Insurance Portability and Accountability Act regulations, now will list the full names of entities reporting data security breaches on its website, regardless of whether those organizations agree to have their information published.
According to the article, medical practices previously were considered "individuals" and therefore had to give consent for their names to be revealed. Those "individuals" would be listed as "private practice" on the OCR website. Those names, however, are now listed in full.
The new rule boosts transparency, certainly, for those who want assurance that their personal information is safe and sound. But it's an interesting conundrum -- the very rule designed to protect privacy of some indirectly takes it away from others?