HHS Issues New Rule for HIT Breaches
Here's a little bulletin board fodder for the employee break room.
HHS last week finally issued its new interim final rule detailing the notification requirements that healthcare providers, health plans, and other entities covered by HIPAA must have in place to notify patients when their personal files have been breached.
There shouldn't be any surprises here. We've known this was coming for months, and most people I've spoken with think this rule is simply common-sense applications that spell out what most healthcare providers are already doing.
The rule, which was developed by HHS' Office for Civil Rights, requires HIPAA-covered healthcare entities to notify the individuals affected by the breach, the HHS secretary, and local news media in cases affecting 500 or more people, which is not uncommon in HIT breaches. The new rule also requires business associates of HIPAA-covered entities to notify those entities of any breaches that occur at the business associate.
The regulations were developed after a months-long public comment period and in consultation with the Federal Trade Commission. The FTC has crafted related breach notification regulations for vendors and other entities not covered by HIPAA. The rule takes effect 30 days after the interim final rule is published in the Federal Register.
Dom Nicastro, my colleague at HCPro, has done a nice job explaining the provisions of the new rule and how they will impact your healthcare operation.