OCR: Breach Notification Final Rule Under Review
The Office for Civil Rights (OCR) called its withdrawal of the breach notification final rule from further review last week “routine, formal regulatory processes.”
In an e-mail to HealthLeaders Media, the HIPAA privacy and security rule enforcer says it needs further review to craft the final HITECH-required rule that sets the foundation for how covered entities and business associates (BAs) respond during a breach of unsecured protected health information (PHI).
“The final rulemaking will take into account the comments received on the interim final rule and our experiences with administering the new breach notification provisions since last September,” OCR writes in the e-mail. “These are routine, formal regulatory processes.”
OCR withdrew the rule from the hands of the Office of Management and Budget (OMB), which reviews rules for government agencies.
The breach notification interim final rule is still in effect. It was published August 24, 2009, in the Federal Register and went into effect about a month later.
The provisions in the rule include:
- Notice to patients of breaches "without reasonable delay" within 60 days
- Notice to covered entities by BAs when BAs discover a breach
- Notice to "prominent media outlets" on breaches of more than 500 individuals
- Notice to "next of kin" on breaches of patients who are deceased
- Notice to the Secretary of HHS of breaches of 500 or more without reasonable delay
- Annual notice to the Secretary of HHS of breaches of less than 500 of "unsecured PHI" that pose a significant financial risk or other harm to the individual, such as reputation
- CVS Ramps Up Retail Clinics with Provider Affiliations
- Medical Errors Third Leading Cause of Death, Senators Told
- 4 Tectonic Shifts Shaking Up Healthcare
- As States Regulate Provider Competition, Common Threads Emerge
- Chronic Disease Care Costs Get Bipartisan Attention
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- Recruiting Retired Clinicians