Karen Caffarini reports:
Sending a letter to patients to notify them of a data breach in your office is more than just a nice thing to do — it’s becoming something you must do.
The recently passed stimulus legislation — the American Recovery and Reinvestment Act of 2009 — includes language that requires any physician office that has discovered a breach involving unsecured data to notify by letter every affected patient. The requirement is the same whether records are on a computer or in paper form. You have until 60 days after discovering the data breach to let patients know it happened.
Read more in American Medical News