Breach Notification Rule
OCR developed regulations under HITECH that require covered entities to notify individuals affected by a breach, the HHS Secretary, and the media when a breach occurs involving more than 500 individuals. Breaches involving fewer than 500 individuals must be reported to the HHS Secretary annually. Business associates must notify covered entities of breaches. This is an interim final rule. This is in the spirit of making CEs and BAs accountable to the HHS and individuals for properly safeguarding PHI (protected health information).
Posted on March 15, 2011, in Definitions and Concepts, HITECH and tagged breach notification interim final rule, breach notification rule, EHR, EMR, HITECH, HITECH Act, HITECH breach notification interim final fule, PHI, protected health information. Bookmark the permalink. Leave a comment.