OCR: Breach Notification Final Rule Under Review
The Office for Civil Rights (OCR) called its withdrawal of the breach notification final rule from further review last week “routine, formal regulatory processes.”
In an e-mail to HealthLeaders Media, the HIPAA privacy and security rule enforcer says it needs further review to craft the final HITECH-required rule that sets the foundation for how covered entities and business associates (BAs) respond during a breach of unsecured protected health information (PHI).
“The final rulemaking will take into account the comments received on the interim final rule and our experiences with administering the new breach notification provisions since last September,” OCR writes in the e-mail. “These are routine, formal regulatory processes.”
OCR withdrew the rule from the hands of the Office of Management and Budget (OMB), which reviews rules for government agencies.
The breach notification interim final rule is still in effect. It was published August 24, 2009, in the Federal Register and went into effect about a month later.
The provisions in the rule include:
- Notice to patients of breaches "without reasonable delay" within 60 days
- Notice to covered entities by BAs when BAs discover a breach
- Notice to "prominent media outlets" on breaches of more than 500 individuals
- Notice to "next of kin" on breaches of patients who are deceased
- Notice to the Secretary of HHS of breaches of 500 or more without reasonable delay
- Annual notice to the Secretary of HHS of breaches of less than 500 of "unsecured PHI" that pose a significant financial risk or other harm to the individual, such as reputation
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- 3 Traits Personality Assessments Can't Reveal
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CHS Hacked, 4.5M Patient Records Compromised
- CFO Exchange: Healthcare Leaders Share 5 Innovative Ideas
- Business Roundup: M&A Activity Down Slightly in First Half of 2014
- Large Employers Trimming Healthcare Spending
- CNO on Hospital Redesign: 'You Can't Over-Communicate'