A Detailed Analysis of Changes to HIPAA and the Implications for Healthcare Providers and Others in the Healthcare Industry: HIPAA Breach Notification Rule


Changes to the HIPAA Breach Notification Rule -

Background: The HITECH Act required Covered Entities to notify individuals, HHS, and in some cases, the media, of a Breach of Unsecured PHI. A Business Associate is required to notify the Covered Entity of any such Breaches so that the Covered Entity may make the notifications listed above. In response to the HITECH Act, OCR issued an interim final Breach Notification Rule effective on September 23, 2009 incorporating the requirements of the HITECH Act.

In the interim final Breach Notification Rule, a Breach was defined as, subject to certain exceptions, the unauthorized acquisition, access, use, or disclosure of PHI which compromises the security or privacy of such information, except where an unauthorized person to whom the information is disclosed would not reasonably have been able to retain such information. An unauthorized acquisition, access, use, or disclosure of PHI compromised the security or privacy of the PHI if it posed a significant risk of financial, reputational, or other harm to the individual. In other words, to determine if a Breach occurred as a result of an impermissible use or disclosure of PHI, a Covered Entity was required to perform a risk assessment to determine if there was a significant risk of harm to the individual.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


Womble Carlyle Sandridge & Rice, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.