|
HHS Pulls Breach Notification Final RuleThe HIPAA Administrative Simplification; Notification in the Case of Breach Final Rule (Regulation Identifier Number (RIN) 0991-AB56) has been at the Office of Management and Budget (OMB) since May 14, 2010, for Executive Order (EO) 12866 review and approval prior to publication in the Federal Register. On July 28, 2010, HHS “withdrew” this Final Rule, “to allow for further consideration, given the Department’s experience to date in administering the regulations. |
|
|
OCR Reports 107 Breaches Affecting Over 4 Million Individuals (II)The Office for Civil Rights (OCR) regularly updates its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the second of three postings that analyzes the data from these 107 breaches. This posting (II) covers paper breaches. The first posting (I) covered electronic breaches, and the final posting (III) looks at the prevalence of business associate involvement. |
|
|
HIPAA Privacy, Security, Enforcement Rule Modifications NPRM at Federal RegisterThis morning, July 8, 2010, HHS’ Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rulemaking (NPRM) was posted at the Federal Register for public access prior to publication. It will be published on Wednesday, July 14, 2010. The 234 page NPRM can be accessed in portable document format (pdf) online at: http://www.ofr.gov/OFRUpload/OFRData/2010-16718_PI.pdf. There will be a 60-day comment period relating to the content of the NPRM. |
|
|
OMB Completes Review of HIPAA/HITECH Act Privacy, Security, Enforcement Rule Modifications NPRMOn July 1, 2010, the Office of Management and Budget (OMB) completed review of the Notice of Proposed Rulemaking (NPRM) entitled: Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the health Information Technology for Economic and Clinical Health Act [HITECH Act](RIN: 0991-AB57). The NPRM was received at OMB for review on April 12, 2010. It likely will be published in the Federal Register imminently. |
|
|
OCR Reports 107 Breaches Affecting Over 4 Million Individuals (I)As of the July 4th holiday weekend, the Office for Civil Rights (OCR) has updated again its Web site listing of breaches affecting 500 or more individuals. As of July 2, 2010, there were 107 breaches listed that were reported to have occurred between September 22, 2009 and June 11, 2010. Individuals affected by these publicly listed breaches totaled 4,086,980. Six of the 107 breaches, or 5.6% of the total, affected 3,353,627 individuals, or 82% of the total. This is the first of three postings that analyzes the data from these 107 breaches. This posting (I) covers electronic breaches, the next posting (II) covers hard copy (paper) breaches, and the final posting (III) looks at the prevalence of business associate involvement. |
|
|
Reported Breaches of 500 or More Individuals up to 93 and Affecting Over 2.5 Million Individuals; Enforcement and PenaltiesAs of Friday, June 4, 2010, 93 breaches affecting 500 or more individuals have been reported on the Office for Civil Rights (OCR) Web site. The total number affected has gone beyond 2-1/2 million individuals today, and stands at 2,565,352 individuals. Of the 87 breaches involving breach of hard copy or electronic protected health information, 26% involve hard copy or paper records and 74% records on electronic media or devices. Overall, 71% of the 93 breaches involve theft or loss of records, many of which might have been avoided by appropriate securing of hard copy records and electronic media and devices. Below we remind readers of the Department of Health and Human Services (HHS) enforcement efforts for violations of the HIPAA Privacy and Security rules, and the increased penalty structure for violations of those rules and the HITECH Act Breach Notification Rule. |
|
|
FTC Delays Enforcement of FTC Red Flags Rule Fifth TimeThe original FTC Red Flags Rule compliance date deadline was extended three times from the original date of November 1, 2008, with an expected compliance date of November 1, 2009. Just prior to that date, the FTC extended for the fourth time the deadline for compliance to June 1, 2010. On May 28, 2010, the June 1, 2010, compliance date was extended a fifth time to December 31, 2010. |
|
|
OCR Stepping Up HIPAA Security EnforcementHealth Data Management (HDM) reported today, May 12, that the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) is going to strengthen HIPAA Security Rule enforcement, based on statements made on Tuesday, May 11 by the OCR Deputy Director for Privacy. These reported statements comes several days after OCR’s release on May 7 of its Draft Security Rule Guidance on Risk Analysis, the first in a series of guidances on security, that hipaa.com posted earlier today, and precedes the likely release later this month of the Notice of Proposed Rulemaking (NPRM): Modifications to the HIPAA Privacy, Security, and Enforcement Rules Under the Health Information Technology for Economic and Clinical Health Act. |
Syndicate this site
Sign up for email updates
Follow HIPAA.com on Twitter
