CHPC Study Group

C&C...Breach...Attestations..What Say You?

  • 1.  C&C...Breach...Attestations..What Say You?

    Posted 10-22-2019 09:52 AM
    Last night I was having an online discussion with some folks about the following scenario that happened at one of their facilities a few weeks ago.  I'll start right of by saying based on my application of the regs...I'm seeing this as a breach.  One of the folks said no because of the attestation factor.

    The key for me is the simple question...does the recipient who signed this attestation and did view the PHI of another individual now have information that this person should otherwise not have...attestation or not?  For me...that is key.  Now whether this person will further or disclose the information is good to know in terms of risk mitigation...but for does not impact the decision of a breach. I do not want to bias anyone...but simply want to share my position as a C&C and I hope others feel free to do so as well.

    Please share your decision of a breach or not and any comments you may wish to offer.  Let's use the survey method.  I will post the results on Friday and respondents are not asked to identify themselves.

    The scenario is posted at the following link:

    ► We don't fail unless we quit! ◄
    --------Frank Ruelas---------
    Certification Disclaimer

  • 2.  RE: C&C...Breach...Attestations..What Say You?

    Posted 10-22-2019 02:25 PM
    I've never used an attestation as I don't think they ensure a re-disclosure will happen and as you said, they don't erase the information the recipient has.

    David Garrison
    Compliance/Privacy Officer

    Certification Disclaimer