OCR: Breach Notification Final Rule Under Review
The Office for Civil Rights (OCR) called its withdrawal of the breach notification final rule from further review last week “routine, formal regulatory processes.”
In an e-mail to HealthLeaders Media, the HIPAA privacy and security rule enforcer says it needs further review to craft the final HITECH-required rule that sets the foundation for how covered entities and business associates (BAs) respond during a breach of unsecured protected health information (PHI).
“The final rulemaking will take into account the comments received on the interim final rule and our experiences with administering the new breach notification provisions since last September,” OCR writes in the e-mail. “These are routine, formal regulatory processes.”
OCR withdrew the rule from the hands of the Office of Management and Budget (OMB), which reviews rules for government agencies.
The breach notification interim final rule is still in effect. It was published August 24, 2009, in the Federal Register and went into effect about a month later.
The provisions in the rule include:
- Notice to patients of breaches "without reasonable delay" within 60 days
- Notice to covered entities by BAs when BAs discover a breach
- Notice to "prominent media outlets" on breaches of more than 500 individuals
- Notice to "next of kin" on breaches of patients who are deceased
- Notice to the Secretary of HHS of breaches of 500 or more without reasonable delay
- Annual notice to the Secretary of HHS of breaches of less than 500 of "unsecured PHI" that pose a significant financial risk or other harm to the individual, such as reputation
- As Medicare Advantage Cuts Loom, Disagreement Over Program's Stability
- Doctors Feel Pressure to Accept Risk-based Reimbursement
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Centralizing the Revenue Cycle Protects the Bottom Line
- A Fresh Look at End-of-Life Care
- CA Fines 8 Hospitals for Medical Errors
- 3 in 4 Patients Want E-mail Consultations
- Heart Attack Patient Costs Skyrocket Beyond 30 Days
- ACGME Chief Sees 'Huge' Risk of Error in Proposed Assistant Physician Licensure
- 3 Insider Tips on Cutting Costs without Strangling Growth