The requirements for Breach Notification did not exist under HIPAA. They were promulgated as part of the HITECH Act, specifically section 13402. HHS subsequently issued regulations pertaining to Breach Notification in 45 CFR 164 (Subpart D).
Keep in mind that many states have also promulgated breach notification laws which may be more or less stringent, or even different from the HITECH requirements. You can find information about state breach laws here.
Looking for a best of breed HIPAA Training?
To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.
If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH / HIPAAexperience?
Comments