HHS Puts More Teeth Into HIPAA Regulations
HHS released an interim final rule on breach notification and the acceptable methods for covered entities (CEs) and business associates (BAs) to encrypt and destroy patient records in order to prevent breaches of protected health information (PHI).
The American Recovery and Reinvestment Act (ARRA) of 2009 required HHS to issue the final guidance, six months after President Barack Obama signed into law Title XIII of the ARRA — the Health Information Technology for Clinical and Economic Health (HITECH) Act.
The breach notification regulations take effect September 23.
However, covered entities need not worry about HHS enforcement until February 22, 2010.
HHS says in the Federal Register it will "use our enforcement discretion to not impose sanctions for failure to provide the required notifications for breaches that are discovered before 180 calendar days from the publication of this rule, or February 22, 2010."
The regulations include the following:
- Notice to patients alerting them to breaches “without reasonable delay” within 60 days
- Notice to CEs by BAs when BAs discover a breach
- Notice to “prominent media outlets” about breaches of more than 500 patient records
- Notice to “next of kin” about breaches of patients who are deceased
- Notice to the secretary of HHS about breaches of 500 or more patient records without reasonable delay
- Annual notice to the secretary of HHS of breaches of fewer than 500 patient records when their PHI is unsecure (which poses a significant financial risk or other harm to the individual)
The Federal Trade Commission (FTC) also issued its final rule requiring some Internet-based businesses to notify consumers when there is a breach of consumer PHI, according to an FTC press release issued Monday.
- CEO Exchange: Preparing for Population Health
- Advocate, NorthShore Deal Would Create 16-Hospital System
- Interventional Radiology No Longer a Sub-Specialty
- Top Reason for Nurse Turnover: Managers
- CEO Exchange: Pressure is On to Partner, Drive Quality
- Power of price: In South FL and the nation, healthcare costs often are shrouded in secrecy
- 3 Strategies for Retaining Millennial Employees
- Hospital mergers may lead to higher prices
- Healthcare data of 1 million NJ patients compromised since 2009