Opinion: Are Data Breaches Overreported?
HEALTHCARE PRIVACY—U.S.September 21, 2011
In Computerworld, Jay Cline, CIPP, examines whether the required reporting of some medical data breaches is warranted. Pointing to a recent Health and Human Services report to Congress on breaches involving personal health information in 2009 and 2010, Cline writes that many of the breaches involved loss of electronic devices or paper, misdirected communications or similar nonmalicious errors--seemingly low-impact breaches. Cline suggests that healthcare organizations "band together" to "voluntarily adopt a self-regulatory standard for medical data breach notification that specifies which types of data incidents do and do not pose a significant risk of harm according to the criteria laid out in the interim final rule."