This is not true. All HIPAA breaches must be reported. The U.S. Department of Health and Human Services (HHS) DOES REQUIRE breach notification. HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions, implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third-party service providers, pursuant to section 13407 of the HITECH Act. Source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html - It's also important to keep in mind that almost every state has breach notification laws that must be followed in the event of a HIPAA breach too!