HHS Puts More Teeth Into HIPAA Regulations
HHS released an interim final rule on breach notification and the acceptable methods for covered entities (CEs) and business associates (BAs) to encrypt and destroy patient records in order to prevent breaches of protected health information (PHI).
The American Recovery and Reinvestment Act (ARRA) of 2009 required HHS to issue the final guidance, six months after President Barack Obama signed into law Title XIII of the ARRA — the Health Information Technology for Clinical and Economic Health (HITECH) Act.
The breach notification regulations take effect September 23.
However, covered entities need not worry about HHS enforcement until February 22, 2010.
HHS says in the Federal Register it will "use our enforcement discretion to not impose sanctions for failure to provide the required notifications for breaches that are discovered before 180 calendar days from the publication of this rule, or February 22, 2010."
The regulations include the following:
- Notice to patients alerting them to breaches “without reasonable delay” within 60 days
- Notice to CEs by BAs when BAs discover a breach
- Notice to “prominent media outlets” about breaches of more than 500 patient records
- Notice to “next of kin” about breaches of patients who are deceased
- Notice to the secretary of HHS about breaches of 500 or more patient records without reasonable delay
- Annual notice to the secretary of HHS of breaches of fewer than 500 patient records when their PHI is unsecure (which poses a significant financial risk or other harm to the individual)
The Federal Trade Commission (FTC) also issued its final rule requiring some Internet-based businesses to notify consumers when there is a breach of consumer PHI, according to an FTC press release issued Monday.
- MU Compliance Announcement Sparks Concern, Confusion
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- Telehealth Improves Patient Care in ICUs
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- Scary Financial Challenges for 2014
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big
- LifePoint Bolsters Presence in Michigan's Upper Peninsula
- Hospital M&A Volume Up, Value Down in 3Q
- Small Doesn't Mean Doomed