Breach Notification Law
New Breach Notifications Laws in Effect September 23, 2009
You may hear information in the news the next couple of weeks about new reporting responsibilities for health systems whenever there has been a breach in patient privacy. OHSU has for some time been at the forefront of both protecting patient health information and reporting responsibly--to affected patients and the media--about breaches. You can read more about OHSU's PHI privacy policies here.
The new policy won't change anything about how you report breaches: if you're aware of any breaches in the protection of the privacy of patient health records, you should always contact the Information Privacy and Security Office at 503.494.0219 or firstname.lastname@example.org.
The new reporting requirements will have an impact on our business associates, who will be required to notify the OHSU unit(s) they do business with if there is a breach in the protection of PHI of which they are in custody.