HIPAA Final Rule: Breach Notification Guidance Safe Harbor

January 30, 2013.  Today, we look at the definition of unsecured protected health information and the Guidance Specifying the Technologies and Methodologies that Render Protected Health Information Unusable , Unreadable, or Indecipherable to Unauthorized Individuals [“Guidance”] as discussed in the January 25, 2013 Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act]; Other Modifications to the HIPAA Rules.  The Final Rule becomes effective on March 26, 2013, and requires compliance by covered entities and business associates on September 23, 2013. Here is the definition of unsecured protected health information: “protected health information that is…

READ MORE

HIPAA Final Rule: Breach Risk Assessment Factors for “Probability Standard”

January 29, 2013.  Today, we cover the four risk assessment factors pertaining to breach notification in the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules:  Final Rule that was published in the Federal Register on Friday, January 25, 2013.  As discussed in yesterday’s post, these risk assessment factors are used in assessing the probability of impermissible use or disclosure compromising protected health information, thereby requiring breach notification. This “probability standard” replaces the “harm standard,” becomes effective March 26, 2013, and requires compliance…

READ MORE