Lexology January 29, 2024
Jackson Lewis PC

For healthcare providers and health systems covered by the privacy and security regulations under the Health Insurance Portability and Accountability Act (HIPAA), a breach of unsecured protected health information (PHI) likely triggers obligations to notify affected individuals, the federal Office of Civil Rights (OCR), potentially the media and other entities. The breach also may require notification to one or more state Attorneys General, an obligation that depends on state law. Currently, the state data breach notification law in Michigan does not provide for Attorney General notification, something Michigan Attorney General Dana Nessel wants to change, according to reporting earlier this month from the HIPAA Journal.

Spurring the Michigan AG are concerns about the timing of notification to patients about recent...

Today's Sponsors

Venturous
Got healthcare questions? Just ask Transcarent

Today's Sponsor

Venturous

Continue Reading

 
Topics: Cybersecurity, Govt Agencies, Health IT, Health System / Hospital, Healthcare System, HIPAA, Privacy / Security, Provider, States, Technology
Related Articles:
Chinese medical devices are in health systems across U.S., and the government and hospitals are worried
HISAC Finds Ransomware & Third-Party Breaches Dominate 2025 Threats
The missing piece in medical education: Why health systems science matters
The 'buzz of excitement' behind Duke Health's CHS hospital acquisition
Hartford HealthCare taps AI to enhance virtual care access

Share This Article