HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

Final HIPAA Breach Notification Rule

January 29, 2013

FierceHealthIT is running my commentary on the HIPAA Breach Notification Rule. Here's an excerpt, highlighting the final regulation text, and the shift from the harm standard in the interim final rule (IFR). Please follow the link to read the rest of the post. 

The IFR required a risk assessment to be done in order to determine whether the risk of harm was present. The feds observe in the commentary to the final rule that some folks "may have interpreted the risk of harm standard in the [IFR] as setting a much higher threshold for breach notification than we intended to set." Hence the "clarification" in the final rule that:

an acquisition, access, use, or disclosure of protected health information in a manner not [otherwise] permitted is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment of at least the following factors:

(i) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;

(ii) The unauthorized person who used the protected health information or to whom the disclosure was made;

(iii) Whether the protected health information was actually acquired or viewed; and

(iv) The extent to which the risk to the protected health information has been mitigated.

45 CFR 164.402 (emphasis added).

This revision is intended to provide a more objective standard, in response to comments filed in connection with the IFR.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

 

Filed Under: Health care policy, Health Law, HIPAA, HIT, Privacy, Security

you might also like:

  1. HIPAA Final Rule on Privacy, Security, Breach Notification and Enforcement Issued, Finally

  2. Comments on HITECH Act breach notification rule – from Capitol Hill

  3. Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?

« HIPAA Omnibus Rule – Google+ Hangout
HIPAA Omnibus Final Rule – What’s in it for Patients? »

Follow me on Twitter

David Harlow πŸ’‰πŸ˜· Follow 42,881 17,567

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
22m 1618728026862149632

ICYMI> Dan Greenleaf, CEO of Modivcare on Digital Tools with a Human Touch β€” Harlow on Healthcare https://healthblawg.com/2022/01/dan-greenleaf-modivcare.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Dan Greenleaf, CEO Twitter feed image.
Reply on Twitter 1618728026862149632 Retweet on Twitter 1618728026862149632 0 Like on Twitter 1618728026862149632 0 Twitter 1618728026862149632
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
39m 1618723806939340806

The Harlow #Healthcare #Innovation Daily https://paper.li/healthblawg/1489156253?share_id=103fa990-9dc1-11ed-ad57-fa163e65ae25 #digitalhealth #hcldr #HarlowOnHC Thanks to @MailMyStatement @NovaBACKUP #digitalhealth #healthtech

Reply on Twitter 1618723806939340806 Retweet on Twitter 1618723806939340806 0 Like on Twitter 1618723806939340806 0 Twitter 1618723806939340806
healthblawg avatar; David Harlow πŸ’‰πŸ˜· @healthblawg ·
7h 1618627492033531906

The latest Harlow On Health Care Daily #HarlowOnHC #digitalhealth #healthcare #innovation #privacy #hcldr Thx: @EricTopol @raeannephd @MobiHealthNews #digitalhealth #healthtech

Image for twitter card

It's time for banks to get more intelligent about artificial intelligence

americanbanker.com Artificial intelligence now has the potential to fundamentally change customers' relationships with banks...

paper.li

Reply on Twitter 1618627492033531906 Retweet on Twitter 1618627492033531906 0 Like on Twitter 1618627492033531906 0 Twitter 1618627492033531906
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]