Question about your notification policy…

Dex

New member
If HHS doesn’t require us to notify patients every time we are breached, why do you recommend it?
 

petronella

Administrator
Staff member
This is not true. All HIPAA breaches must be reported. The U.S. Department of Health and Human Services (HHS) DOES REQUIRE breach notification. The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions, implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third-party service providers, pursuant to section 13407 of the HITECH Act. Source: https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html - It's also important to keep in mind that almost every state has breach notification laws that must be followed in the event of a HIPAA breach too!
 