HHS Withdraws Proposed Final Breach Notification Rule
August 30th, 2010
The U.S. Department of Health and Human Services has issued a statement announcing the withdrawal of the Interim Final Rule for Breach Notification for Unsecured Protected Health Information “to allow for further consideration, given the Department’s experience to date in administering the regulations.”
The Interim Rule requires health care providers, health plans, and other handlers of patient health records to notify patients if identifiable health information is exposed by security breaches. It became effective on September 23, 2009. Despite the withdrawal of the proposed final rule, the interim rule remains in effect. HHS plans to publish a final rule in the Federal Register in the months to come.
Criticism of the bill came mainly from patient privacy advocates and centered on the “harm standard,” which in the case of a breach, allows providers, plans, and other handlers of patient information to determine the extent of harm done and whether patient notification is required under the rule.
More information is available from the HHS website, and from this article by Diana Manos of Healthcare IT News.
Entry Filed under: News
Trackback this post