HIPAA Final Rule: Breach Risk Assessment Factors for “Probability Standard”

January 29, 2013.  Today, we cover the four risk assessment factors pertaining to breach notification in the Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules:  Final Rule that was published in the Federal Register on Friday, January 25, 2013.  As discussed in yesterday’s post, these risk assessment factors are used in assessing the probability of impermissible use or disclosure compromising protected health information, thereby requiring breach notification. This “probability standard” replaces the “harm standard,” becomes effective March 26, 2013, and requires compliance…

READ MORE

CMS Issues Final Administrative Simplification Final Rules Regarding Identifiers and ICD-10 Code Set Compliance Delay

August 24, 2012.  Today, the Office of Management and Budget (OMB) completed review and sent to the Federal Register for publication on September 5, 2012, the Centers for Medicare & Medicaid Services (CMS) Final Rule:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets.  The effective date of the Rule is November 5, 2012.  Prior to publication, the Final Rule may be examined at or downloaded from the Office of the Federal Register’s Electronic Public Inspection Desk. Here…

READ MORE