Breach Notification and the Law


The American Medical Association Council on Ethical and Judicial Affairs (CEJA) has written a position paper on physicians' ethical responsibilities in the event that the security of patients' electronic health information has been breached. The report offers compelling ethical and practical justifications for notification requirements and articulates guidelines for clinicians. This commentary addresses a gap in the report. It outlines the new legal duty to disclose security breaches, established by the 2009 HITECH Act, which is only briefly mentioned in the report. The commentary also analyzes the CEJA recommendations in light of the legal mandate and suggests that the guidance would benefit from further clarification..


Health Law, Medicine, Notification

Publication Date


Document Type


Place of Original Publication

Journal of Clinical Ethics

Publication Information

21 Journal of Clinical Ethics 42 (2010)

This document is currently not available here.


COinS Sharona Hoffman Faculty Bio