The Department of Health and Human Services has issued an interim final rule governing notification of breaches of health information by HIPAA-covered entities.

The rule from the HHS Office for Civil Rights is available here. It will be effective 30 days after publication in the Federal Register in coming days and includes a 60-day comment period. The rule is mandated under the American Recovery and Reinvestment Act. The Federal Trade Commission recently issued a breach notification rule that covers vendors of personal health records and certain other entities not covered under HIPAA.

Register or login for access to this item and much more

All Digital Insurance content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access