HIPAA-covered healthcare providers must notify individuals of information breaches under new rule

Share this article:
New bill would exempt small healthcare providers from 'red flags' rule
New bill would exempt small healthcare providers from 'red flags' rule

The Department of Health and Human Services has released an interim rule regarding healthcare information privacy breaches.

Under the rule, healthcare providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) must notify individuals when the privacy of their "unsecured" health information is breached. The guidelines, which are published in today's Federal Register, implement provisions of the Information Technology for Economic and Clinical Health Act. The notifications encompass breaches that occur on or after Sept. 24.

Because covered entities may require time to comply with the guidelines, HHS will use its "enforcement discretion" and not immediately impose sanctions on those that fail to inform people of breaches. But HHS plans to work with those entities over the next six months to achieve compliance.

To find out more, go to the Federal Register home page here.

Share this article:

More in News

$1.3 million settlement marks second recent deal over SNF supervision of therapy providers

$1.3 million settlement marks second recent deal over ...

A Maryland nursing home company has agreed to a $1.3 million settlement over charges that it did not prevent overbilling by its contracted therapy provider, federal authorities announced Monday. This ...

MedPAC chairman: Three-day stay requirement is 'archaic'

The government should pay for skilled nursing care without a preliminary three-day hospital stay, and the recovery auditor program should be reformed, Medicare Payment Advisory Commission members said at a meeting Friday.

Nursing homes can't carve out billing, collections in arbitration agreements, AR Supreme ...

A nursing home arbitration agreement largely reserved the provider's rights to sue residents while limiting residents' legal options, causing it to fail a "mutual obligation" requirement, the Arkansas Supreme Court recently ruled .