In August 2009, the Department of Health and Human Services (HHS) issued its interim final rule with regard to requirements for notification in the event of a breach of unsecured protected health information (PHI). Among other notification requirements (including notice to impacted individuals and in some cases notice to the media), the interim final rule requires covered entities (i.e. health plans, healthcare clearinghouses or certain health care providers) to provide notice to HHS of any breach of unsecured PHI....
Please see full publication below for more information.