HITECH Law Requires Privacy Breach Responses by Clinical Labs and Pathology Groups
“Securing” Protected Health Information (“PHI”) allows medical laboratories to avoid HITECH breach notification requirements
As of February 22, 2010, clinical laboratories, pathology groups, and other health providers have new breach notification requirements relating to protected health information (PHI). This is mandated in the legislation known as the HITECH ACT.
Dark Daily reported extensively on the breach notification requirements imposed by the HITECH ACT. Under the breach notification requirements a covered entity—such as a clinical laboratory or pathology group—is obligated to notify patients and the Department of Health & Human Services (HHS) of the breach. In some cases, the entity must also notify the media.