By: Michele G. Thompson
March, 2013

Is Your Medical Practice Prepared For A Breach of Health Information?


As a medical provider, your focus not only has to be on the practice of medicine but also on maintaining the privacy of your patients as well as the security of their health records.  Many physicians are not aware that in 2009, Congress enacted the HITECH Act as a supplement to pre-existing HIPAA regulations.  This Act requires, in relevant part, providers to notify patients of breaches of their health information.  These regulations, in most cases, require physicians to not only notify each affected patient, but also prominent media outlets as well as the Office for Civil Rights (“OCR”), a division of the U.S. Department of Health and Human Services.

The regulations requiring breach notification are cumbersome. Notifying patients can not only be costly, but time-consuming.  Notifying the OCR can subject the provider to an investigation and increased scrutiny. Failure to meet these regulations can also subject the physician to severe penalties by the OCR, even if the breach was unintentional.

In light of these obligations, many malpractice insurers are now offering insurance coverage to cover the costs associated with breach notification.  Frequently, attorneys are utilized to assist the physician in appropriately notifying patients, while keeping risk management in mind.  Should you become aware of a breach, it is essential to contact an attorney promptly as there are short deadlines that must be met in order to comply with HIPAA. Further, an attorney can assist in not only ensuring that you have met your obligations under HIPAA, but that your practice is well-prepared to address an OCR investigation as well as patient complaints stemming from the breach. Should you experience a breach, please contact our office to guide you through this process.

Michele G. Thompson, Partner, Udall Law FirmMichele Thompson specializes in professional liability defense.  She focuses her practice on representing hospitals, physicians, employers and other insureds in complex litigation. Ms. Thompson has represented healthcare providers, including physicians, dentists, and nurses before regulatory agencies on matters concerning discipline and licensure. She has also represented healthcare providers in responding to HIPAA violations before the Office for Civil Rights as well as assisted providers in breach notifications required under the HITECH Act. She has presented several seminars and in-house training on various HIPAA issues.

©2013 All rights reserved. Articles and other postings on this website are only for the purpose of providing readers with updates on topics of interest relating to the Udall Law Firm, LLP and/or the law. Nothing on this website (articles, postings or other content) should be considered or construed as providing legal advice or a legal opinion, or as offering, establishing or memorializing the existence of an attorney-client relationship with Udall Law Firm, LLP or any of its attorneys. If you are in need of legal advice, or have any other questions, please contact Udall Law Firm, LLP.