HIPAA ENFORCEMENT:
Update Patients on Privacy and Security Breaches.
Published on Sun Sep 06, 2009
Interim final rule outlines your responsibility for protecting patients' data. You know that you must keep your patients' protected health information safe from prying eyes, but that obligation just increased. New: If a privacy or security breach affects more than 500 patients, you must alert those patients, the Department of Health and Human Services' secretary, and the media, according to a new interim final rule published by HHS in the Aug. 24 Federal Register. The interim rule also demands that your business associates let you know immediately when a privacy or security breach occurs on their end. However, if a breach affects fewer than 500 patients, you only must report it to the HHS secretary on an annual basis. Reasoning: The new rule will ensure that "covered entities and business associates are accountable to the Department and to individuals for proper safeguarding of the private information entrusted to their care," [...]