HIPAA-covered healthcare providers must notify individuals of information breaches under new rule

Share this article:
New bill would exempt small healthcare providers from 'red flags' rule
New bill would exempt small healthcare providers from 'red flags' rule

The Department of Health and Human Services has released an interim rule regarding healthcare information privacy breaches.

Under the rule, healthcare providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) must notify individuals when the privacy of their "unsecured" health information is breached. The guidelines, which are published in today's Federal Register, implement provisions of the Information Technology for Economic and Clinical Health Act. The notifications encompass breaches that occur on or after Sept. 24.

Because covered entities may require time to comply with the guidelines, HHS will use its "enforcement discretion" and not immediately impose sanctions on those that fail to inform people of breaches. But HHS plans to work with those entities over the next six months to achieve compliance.

To find out more, go to the Federal Register home page here.

Share this article:

More in News

Bulk of Medicaid to be managed care in two years: Avalere

Bulk of Medicaid to be managed care in ...

More than three-quarters of Medicaid beneficiaries will be enrolled in a managed care plan as of 2016, according to an Avalere Health analysis released Thursday. The numbers reveal that managed ...

Nursing home asked for employee's personal information too often, jury rules

The human resources department of a Maine nursing home did not properly protect a former employee's personal identification information, a jury recently ruled.

Test could confirm sepsis within an hour

Nursing home residents might benefit from a new way of diagnosing and treating sepsis made possible by discoveries out of the University of British Columbia.