Coalition for Patient Privacy Calls on HHS to Repeal the Breach Notification Rule: Echoes the Call from Congress

The Coalition for Patient Privacy urges the Department of Health and Human Services to revise and repeal the interim final rule (IFR) establishing requirements for notification of breaches of unsecured protected health information.

“We are dismayed and disappointed with the IFR, particularly with the inclusion of a ‘harm standard’. HHS went far beyond the intent of Congress. This is a real blow to accountability and transparency,” said Ashley Katz, Executive Director of Patient Privacy Rights, the organization that leads the Coalition.

On October 1, leadership from the House Ways & Means Committee and Energy & Commerce Committee urged HHS Secretary Sebelius to revise or repeal the harm standard.

Under HHS’ interpretation, an entity responsible for a breach may avoid providing notice of a breach if that entity determines there is no “significant risk of financial, reputational or other harm to the individual.” This exclusion weakens the breach notification requirement dramatically, granting the company that would like to avoid the cost and consequences of breach notification the power to decide if they will notify.

There was no mention of any harm standard in HHS’ previous Request for Information, thwarting any opportunity for public debate.

Currently, individuals have higher standards and expectations for our financial data than we do for our health data. With a breach of financial records, a consumer faces a significant headache, but ultimately can have their credit and funds restored; this is not the case with health records. A stigmatizing diagnosis, condition or prescription in the wrong hands can cause irreversible damage and discrimination.

Ensuring ironclad protections against theft and misuses of PHI must be the price of doing business in health care. “If an entity cannot or will not protect our most sensitive data, they should not be in the health care business,” said Katz.

About the Coalition for Patient Privacy:
The Coalition for Patient Privacy is the leading voice of consumer organizations for privacy and health IT. We are a diverse, trans-partisan group united by our efforts to prevent discrimination in employment and other key opportunities based on health information. We work to positively impact how electronic medical records are used and to ensure privacy is protected. Patients will only trust the healthcare system if privacy is assured.

Signing organizations to the HHS letter include: American Association of People with Disabilities, American Civil Liberties Union, American Council of the Blind, Clinical Social Work Association, Consumer Action, JustHealth, The Multiracial Activist, The National Coalition of Mental Health Professionals and Consumers, Patient Privacy Rights, Private Citizen, Inc., Telecommunications for the Deaf & Hard of Hearing, Inc., and the U.S. Bill of Rights Foundation.

About Patient Privacy Rights:
Patient Privacy Rights is the nation’s leading health privacy watchdog. Our mission is to ensure the right to control your medical privacy to protect jobs and opportunities. Patient Privacy Rights has over 10,000 members in all 50 states. We lead the trans-partisan Coalition for Patient Privacy representing over 10 million Americans.

CONTACT:
Ashley Katz
akatz {at} patientprivacyrights(.)org
(512) 732-0033
(512) 897-6390