emPower

HIPAA /HITECH Breach Notification Applies to Deceased Individuals

medicalrecordsIn her IT Compliance blog, Rebecca Herold posted an article about the implications of the FTC’s Health Breach Notification Rule.

As usual, it’s probably going to take a while for the dust to settle so that we can understand the full implications of the rule. But Rebecca noted one fascinating aspect – security breaches involving the Personal Health Information of individuals that the organization knows to be deceased must be notified to the deceased’s next of kin or personal representative.

I don’t think I’ve come across a requirement like this before, and it’s not clear what implications this will have for record retention policies and associated training.

Jessica Holland

Jessica Holland

Like this post? Subscribe to receive updates directly in your inbox.