Since 2009, as mandated by the Health Insurance Portability and Accountability Act (HIPAA), covered entities (CEs) have been required to notify individuals when their unsecured protected health information (PHI) has been breached. The breach notification rules changed with the publication of the HIPAA Omnibus final rule in January 2013, which implemented provisions of statutory amendments contained in the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009.
In this Wolters Kluwer Health Law Daily article, Alisa Chestler discusses recent trends in data breaches and offers advice on how providers can work to prevent them. Ms. Chestler says that the Omnibus final rule has changed the way that CEs prepare for potential breaches. "I think the real change is to actually have a breach notification plan in place." She notes, "Prior to HITECH we saw either no security plan in place or an off-the-shelf plan that had very little relevance to the operations. We are encountering that problem less and less."
©2014 CCH Incorporated. All Rights Reserved. Reprinted with permission from Health Law Daily.