The Department of Health and Human Services has temporarily withdrawn a final rule requiring certain healthcare facilities to notify patients when there is a breach of the privacy of their “unsecured” health information.
HHS submitted an interim final rule for breach notification in August of 2009. The rule implemented provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH). (McKnight’s, 8/24/09) HHS submitted a final rule to the Office of Management and Budget (OMB) for review on May 14. The rule would apply to healthcare providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA).
HHS recently withdrew the final rule from OMB consideration to “allow for further consideration.” A final rule is expected in the coming months, according to HHS. The withdrawal does not affect the interim rule.
