HIPAA Breach Notification Final Rule Released By HHS

Yes, this website is called EMR and HIPAA, but as you can tell from the content I’m much more interested in EMR than I am in HIPAA. Although there is certainly some correlation.

That said, I think there’s some interesting things happening with HIPAA that people need to be aware of. HHS released the Breach Notification Final Rule. Healthcare POV said the following about the rule:

The Department of Health and Human Services (HHS) has released a final rule on breach notification requirements for covered entities (CEs) and business associates (BAs). Published in the Federal Register, the rule dictates proper procedure for responding to a breach, including when notification is required, who to tell and how to dispense that information. The rule also reiterates and clarifies recommended methods of data encryption.

The announcement came 2 days after the Federal Trade Commission (FTC) released its breach notification final rule, which covers personal health record vendors and other non-HIPAA CEs. HHS consulted with FTC on requirements and asked the public for input through a request for information released earlier this year.

The link above has more analysis of these changes as well. I’ll admit that I’m not an expert in this area. Anyone else who cares to chime in on the impact of these changes, I’d love to hear about it in the comments or even a guest blog post if someone’s interested.

About the author

John Lynn

John Lynn

John Lynn is the Founder of the HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.


  • All those large organizations that hold priceless data should be aware of the risks. Many have recently started to enforced mandatory encryption of significant data. There are a few options, but the easy one is to use Secure USB Flash Drive that really works great. If you must give your details, make sure that it’s protected!

Click here to post a comment