HIPAA Breach Notification Rule
In August 2009, the interim final rule of breach notification was issued and implemented section 13402 of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The breach notification rule requires HIPAA covered entities and their business associates to notify breach of unsecured protected health information.
Unsecured Protected Health Information and GuidanceIn April 2009, the guidance on HITECH Breach Notification was issued with an appeal for public comments. After consideration of public comments and implementing adequate changes the guidance was reissued as Guidance Specifying the Technologies and Methodologies That Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals for Purposes of the Breach Notification Requirements Under Section 13402 of Title XIII (Health Information Technology for Economic and Clinical Health Act) of the American Recovery and Reinvestment Act of 2009; Request for Information.
Also, the guidance is applicable to unsecured personal health record identifiable health information under the FTC regulations. It states that the covered entities and business associates should only provide required notification if the breach involved unsecured protected health information. As per the guidance, covered entities, business associates, and FTC regulated entities securing guidance specified information are not required for providing notifications following the breach of such information.
Requirements of HIPAA Breach Notification RuleIn case of breach of unsecured protected health information, the covered entities must provide following notices:
-
Individual Notice
-
Media Notice
-
Notice to the Secretary
-
Notification by a Business Associate
Price: $49.00
Price: $129.00
Price: $59.00
