4 Healthcare Providers, Vendors Report Data Breaches From 2020
Health IT Security
In recent weeks, a number of HIPAA-required notifications from covered entities and business associates have reported patient data breaches that occurred in 2020: Beacon Health Solutions; Planned Parenthood of Metropolitan Washington, DC; VEP Healthcare; and Administrative Advantage.
However, under HIPAA, covered entities and relevant business associates are required to report data breaches impacting more than 500 patients within 60 days of discovery—not at the close of an investigation.
As exhaustively reported by HealthITSecurity.com, HIPAA explains in great detail that a breach is deemed “discovered” by the entity through reasonable diligence: “the ‘business care and prudence expected from a person to satisfy a legal requirement under similar circumstances.’”
That means that even when an investigation is ongoing, the Office for Civil Rights does not...