A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA Breach Notification Rule

Changes to the HIPAA Breach Notification Rule -

Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is required to notify the Covered Entity of any such Breaches so that the Covered Entity may make the notifications listed above. In response to the HITECH Act, OCR issued an interim final Breach Notification Rule effective on September 23, 2009 incorporating the requirements of the HITECH Act.

In the interim final Breach Notification Rule, a Breach was defined as, subject to certain exceptions, the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of such information, except where an unauthorized person to whom the information is disclosed would not reasonably have been able to retain such information. An unauthorized acquisition, access, use, or disclosure of PHI compromised the security or privacy of the PHI if it posed a significant risk of financial, reputational, or other harm to the individual. In other words, to determine if a Breach occurred as a result of an impermissible use or disclosure of PHI, a Covered Entity was required to perform a risk assessment to determine if there was a significant risk of harm to the individual.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Topics:  Business Associates, Covered Entities, Data Breach, HIPAA, HIPAA Omnibus Rule, HITECH, Notice Requirements, OCR, PHI, Risk Assessment

Published In: Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Womble Carlyle Sandridge & Rice, LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »