Friday, 14 March 2014

HIPAA Security and Breach Rules

The HIPAA Omnibus Update rules include a number of changes to the HIPAA regulations that every HIPAA-covered entity and business associate should be aware of, and the HIPAA Breach Notification Rule sets out more recent standards for determining what qualifies as a reportable breach. The updated Security and Breach Notification regulations are now enforceable, so every HIPAA-related entity should review them and revise its policies and procedures to meet the new standards.

The HIPAA Breach Notification rules now require notification of the affected individuals and of HHS when the security of protected health information is breached. If protected health information is breached and the incident does not qualify for one of the reporting exceptions, the breach must be reported unless a risk assessment shows that there is a “low probability of compromise.” All reportable breaches must be reported to the Secretary of the US Department of Health and Human Services at least annually. Additional steps are required if the breach affects more than 500 individuals, including media notices and immediate notification of HHS.