The new rules, part of the Health Information Technology for Economic and Clinical Health Act, require healthcare providers and other HIPAA-covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals, according to the release. Breaches that affect less than 500 individuals will be reported to HHS annually.
Business associates of covered entities will be required to notify the entity of any breaches at or by the associate, according to the release.
Additionally, HHS has issued an update to its guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable or indecipherable to unauthorized individuals, which will be updated annually.
Read the HHS news release about the new healthcare information breach notification regulations.
HHS Issues New Regulations Requiring Patients to Be Notified of Breach of Their Health Information
News and AnalysisNew regulations from the Department of Health and Human Services require healthcare providers, health plans and other entities covered under HIPAA to notify individual when their healthcare information has been breached, according to an HHS news release.
Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.