Assessing Whether to Report a Breach

Deven McGraw of Center for Democracy & Technology
Assessing Whether to Report a Breach

The new HIPAA Omnibus Rule contains detailed guidance on how to determine whether a breach must be reported, consumer advocate Deven McGraw explains.

See Also: KillNet: The Next-Generation DDoS Group?

In an interview, McGraw, who chairs a privacy and security panel that advises federal regulators:

  • Outlines how the new guidance is different from the original "harm standard" for breach reporting;
  • Describes the documentation that's now required;
  • Explains why she believes the new breach notification guidance is good news for consumers.

McGraw is director of the health privacy project at the Center for Democracy & Technology, where she focuses on developing and promoting policies that ensure individual privacy is maintained as personal health information is electronically shared. She serves on the Health Information Technology Policy Committee, which advises federal regulators, and chairs its Privacy and Security Tiger Team.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.