Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional.
There’s no provision in HITECH (at least as far as I know) that would require a business associate to make one public disclosure of how many patients, total, have to be notified about an incident. So some clients may choose to do their own notifications, while FastHealth may send notification letters to others’ patients.
How bad/extensive was the FastHealth incident? It would be nice to get a fuller picture/number.