HHS Puts More Teeth Into HIPAA Regulations
HHS released an interim final rule on breach notification and the acceptable methods for covered entities (CEs) and business associates (BAs) to encrypt and destroy patient records in order to prevent breaches of protected health information (PHI).
The American Recovery and Reinvestment Act (ARRA) of 2009 required HHS to issue the final guidance, six months after President Barack Obama signed into law Title XIII of the ARRA — the Health Information Technology for Clinical and Economic Health (HITECH) Act.
The breach notification regulations take effect September 23.
However, covered entities need not worry about HHS enforcement until February 22, 2010.
HHS says in the Federal Register it will "use our enforcement discretion to not impose sanctions for failure to provide the required notifications for breaches that are discovered before 180 calendar days from the publication of this rule, or February 22, 2010."
The regulations include the following:
- Notice to patients alerting them to breaches “without reasonable delay” within 60 days
- Notice to CEs by BAs when BAs discover a breach
- Notice to “prominent media outlets” about breaches of more than 500 patient records
- Notice to “next of kin” about breaches of patients who are deceased
- Notice to the secretary of HHS about breaches of 500 or more patient records without reasonable delay
- Annual notice to the secretary of HHS of breaches of fewer than 500 patient records when their PHI is unsecure (which poses a significant financial risk or other harm to the individual)
The Federal Trade Commission (FTC) also issued its final rule requiring some Internet-based businesses to notify consumers when there is a breach of consumer PHI, according to an FTC press release issued Monday.
- Providers Lag as Consumers Set Agenda
- ICD-10 Delay Alters Provider, Vendor Prep
- Esther Dyson Launches Population Health Challenge
- Crisis Spurs Healthcare Payment Reform in Arkansas
- Payment Reform Naysayers 'Better Wake Up'
- Look Beyond Nurse-Patient Ratios
- HIT Leaders Want Flexibility, Transparency from Next HHS Chief
- Reduce Readmissions by Activating Patients to Do 'Self-Care'
- As Hospitalist Patient Loads Rise, So Do Hospital Costs
- Hospital Groups Back NQF Report on Patient Sociodemographics