Stimulus bill puts burden on physicians to tell patients of data breach

Karen Caffarini reports:

Sending a letter to patients to notify them of a data breach in your office is more than just a nice thing to do — it’s becoming something you must do.

The recently passed stimulus legislation — the American Recovery and Reinvestment Act of 2009 — includes language that requires any physician office that has discovered a breach involving unsecured data to notify by letter every affected patient. The requirement is the same whether records are on a computer or in paper form. You have until 60 days after discovering the data breach to let patients know it happened.

Read more in American Medical News

About the author: Dissent
