New HIPAA Requirements: Individuals Must Be Notified of Breaches of Their Health Information

 

This week the US Department of Health and Human Services (HHS) issued new regulations requiring entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when a breach of their health information occurs.  As part of the 2009 economic stimulus legislation, Congress passed the Health Information Technology for Economic and Clinical Health (HITECH) Act, requiring HHS to issue breach notification rules.  These new regulations are effective September 23, 2009.  HHS, however, has stated in response to concerned commenters that the government will not enforce the penalties for any failure to provide proper notification for any breaches that occur prior to February 22, 2010.

 

The new rules require health care providers and any other entities covered under HIPAA to notify affected individuals after a breach of unsecured protected health information (PHI).  In addition, a business associate of a covered entity must notify the covered entity when it discovers a breach of such information so that the covered entity may take appropriate steps to notify affected individuals.  According to the rules, a “breach” includes any unauthorized “acquisition, access, use or disclosure” of PHI that compromises the security or privacy of that information.  However, the rules list several types of disclosure as exceptions to this definition.  For example, it is not considered a breach if the recipient of the information would not have had enough time to retain the information.

 

After a breach is discovered, the covered entity must notify the affected individuals within a reasonable time, but in no case later than 60 calendar days.  If the breach affects fewer than 500 individuals, the covered entity must maintain a log of the breach and subsequent notification for submission to the Secretary of HHS on an annual basis.  If the breach affects more than 500 individuals, however, the covered entity must notify the Secretary of HHS immediately and inform prominent regional media of the breach. 

 

Posted in: HIPAA by Steve Sequenzia on September 22, 2009