Health Law Alert: Breach Reporting Plans: Practical Preparation for the (Almost) Inevitable Breach


If there is one aspect of the HITECH Act amendments to the HIPAA privacy rule that has had a major impact on the health care provider community and its business associates, it is the so called “Breach Notification Rule.” The rule requires that covered entities (and their business associates) report breaches of unsecured protected health information to both the subject individuals and to the Secretary of Health and Human Services, unless the breach falls within a narrow statutory exception or, at least at present, the breach fails to reach a controversial “harm threshold.” (For a more detailed discussion of the Breach Notification Rule, and its detailed reporting requirements, see Jim and Josh’s article, “HITECH Act Breach Notification Rule Now in Effect, But No Sanctions Apply Until 2010.”) While this rule caused quite a stir in the HIPAA community, it is also important to remember that it represents only half of the puzzle – in many states, local data breach notification laws impose even stricter requirements and shorter time lines.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Baker Donelson | Attorney Advertising

Written by:


Baker Donelson on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.