HHS Puts More Teeth Into HIPAA Regulations
HHS released an interim final rule on breach notification and the acceptable methods for covered entities (CEs) and business associates (BAs) to encrypt and destroy patient records in order to prevent breaches of protected health information (PHI).
The American Recovery and Reinvestment Act (ARRA) of 2009 required HHS to issue the final guidance, six months after President Barack Obama signed into law Title XIII of the ARRA — the Health Information Technology for Clinical and Economic Health (HITECH) Act.
The breach notification regulations take effect September 23.
However, covered entities need not worry about HHS enforcement until February 22, 2010.
HHS says in the Federal Register it will "use our enforcement discretion to not impose sanctions for failure to provide the required notifications for breaches that are discovered before 180 calendar days from the publication of this rule, or February 22, 2010."
The regulations include the following:
- Notice to patients alerting them to breaches “without reasonable delay” within 60 days
- Notice to CEs by BAs when BAs discover a breach
- Notice to “prominent media outlets” about breaches of more than 500 patient records
- Notice to “next of kin” about breaches of patients who are deceased
- Notice to the secretary of HHS about breaches of 500 or more patient records without reasonable delay
- Annual notice to the secretary of HHS of breaches of fewer than 500 patient records when their PHI is unsecure (which poses a significant financial risk or other harm to the individual)
The Federal Trade Commission (FTC) also issued its final rule requiring some Internet-based businesses to notify consumers when there is a breach of consumer PHI, according to an FTC press release issued Monday.
- Medical Errors Third Leading Cause of Death, Senators Told
- 4 Tectonic Shifts Shaking Up Healthcare
- As States Regulate Provider Competition, Common Threads Emerge
- Chronic Disease Care Costs Get Bipartisan Attention
- CVS Ramps Up Retail Clinics with Provider Affiliations
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- The case for concierge medicine