Eric Chabrow reports:
Witnesses testifying Wednesday on a data breach bill called on senators to exempt industries from notifying individuals whose personal information is exposed if other laws require such alerts.
Melissa Bianchi, a lawyer representing the American Hospital Association, told the Senate Commerce, Science and Technology Consumer Protection, Product Safety and Insurance Subcommittee that healthcare providers should be exempt from breach notification rules in the proposed Data Security and Breach Notification Act of 2010 because they’re covered under HIPAA, the law designed to protect patient privacy.
If hospitals must comply with Federal Trade Commission rules under the proposed bill and Department of Health and Human Services regulations mandated by HIPAA, she said, then they could be required to send two letters to the same patient for a single security incident. “That simply doesn’t make sense for patients, and it doesn’t increase the protection of their information,” she testified.
Read more on BankInfoSecurity.com