The new rules, part of the Health Information Technology for Economic and Clinical Health Act, require healthcare providers and other HIPAA-covered entities to promptly notify affected individuals of a breach, as well as the HHS Secretary and the media in cases where a breach affects more than 500 individuals, according to the release. Breaches that affect less than 500 individuals will be reported to HHS annually.
Business associates of covered entities will be required to notify the entity of any breaches at or by the associate, according to the release.
Additionally, HHS has issued an update to its guidance specifying encryption and destruction as the technologies and methodologies that render protected health information unusable, unreadable or indecipherable to unauthorized individuals, which will be updated annually.
Read the HHS news release about the new healthcare information breach notification regulations.
At the Becker's 23rd Annual Spine, Orthopedic and Pain Management-Driven ASC + The Future of Spine Conference, taking place June 18–20 in Chicago, spine surgeons, orthopedic leaders and ASC executives will come together to explore minimally invasive techniques, ASC growth strategies and innovations shaping the future of outpatient spine care. Apply for complimentary registration now.
