Friday, August 21, 2009
HHS Issues a Breach Notification Rule
The Department of Health and Human Services (HHS) published its rule on mandatory breach notification requirements, reports Government Health IT. The rule applies to all entities covered by the Health Insurance Portability and Accountability Act (HIPAA). The notification requirement stems from a Congressional mandate in the American Recovery and Reinvestment Act, (ARRA). "These protections will be a cornerstone of maintaining consumer trust as we move forward with meaningful use of electronic health records and electronic exchange of health information," said Robinsue Frohboese of the HHS Office for Civil Rights. Earlier this week, the FTC issued its rule on mandatory breach notification requirements for personal health records vendors.
For more on that rule here.