One-Hour Breach Mandate Is Wasteful, Says GAO Report
HEALTHCARE PRIVACY—U.S.January 10, 2014
FierceGovernmentIT analyzes a GAO report released last month that calls into question the effectiveness of new U.S. Office of Management and Budget (OMB) rules that require federal agencies to report PII-related data breaches to the Department of Homeland Security within an hour of their discovery. Further, "OMB staff said that they were unaware of the rationale for the one-hour timeframe, other than a general concern that agencies report PII incidents promptly,” the report reads, while saying that agencies are likely to have little to report with so little time to investigate what happened and why. Meanwhile, FierceHealthIT says there are privacy hurdles to overcome with teenagers and new online patient portals. How much information should parents be allowed to see, and how can that be controlled?