PHI Breach Rules Input Sought
The Department of Health and Human Services (HHS) seeks your input on final guidelines regulating the handling of unsecured protected health information (PHI) breaches by May 21. The rules are mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The guidelines, a recently enacted stimulus bill provision, require providers, payers, and others who maintain PHI to identify breaches and handle them promptly. It requires notification via email and a first-class letter posting of the breach on the entity’s Web site, as well as announcements via news media, depending on the breach’s size.
The bulk of the proposed HHS guidelines, however, address how PHI is to be made indecipherable, what methods and technologies are necessary for protection, and what the federal timelines are for doing so.
Learn how and where to submit your comments by May 21 on the HHS Web site.