Lexology January 29, 2024
Jackson Lewis PC

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office of Civil Rights (OCR), potentially the media and other entities. The breach also may require notification to one or more state Attorneys General, an obligation that depends on state law. Currently, the state data breach notification law in Michigan does not provide for Attorney General notification, something Michigan Attorney General Dana Nessel wants to change, according to reporting earlier this month from the HIPAA Journal.

Spurring the Michigan AG are concerns about the timing of notification to patients about recent...

Today's Sponsors

LEK
ZeOmega

Today's Sponsor

LEK

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, Healthcare System, HIPAA, Privacy / Security, Provider, States, Technology
How 3 hospitals are reimagining behavioral crisis care
How Health Systems Can Collaborate on AI Tools
Critical access hospitals face uphill battle: 6 things to know
AdventHealth's plans for new Florida hospital move forward
OSU Wexner CEO's blueprint for improving care in 2025

Share This Article