Security Pro: Lots of Work Ahead to Educate BAs on New Breach Rule

Published
  • January 24 2013, 5:59pm EST

With the federal government redefining what a breach of protected health information is, the industry will see more reporting of breaches to the HHS Office for Civil Rights, predicts Doug Pollack, chief marketing officer at ID Experts, a data breach prevention and remediation firm. And the work that covered entities have to do to educate business associates, and the work BAs must do to bone up on PHI protection and compliance with the rules, is sizable.

Gone in the final omnibus HIPAA rule, issued Jan. 17 and being published on Jan. 25, is the “harm threshold” under which organizations did not have to report unless a breach was assessed as potentially causing financial, reputational or other harm to affected individuals. It is replaced with a risk assessment threshold that OCR believes is more objective when determining if protected health information has been compromised.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access

Comments