Health IT Pulse

Jul 30 2010   12:31PM GMT

Breach notification final rule withdrawn from OMB review

Beastwood Profile: Beastwood

Tags:
breach notification
HIPAA violations

Health care officials have been waiting months for federal officials to finalize the breach notification final rule. That wait will continue, though it won’t impact the way providers do business.

The Department of Health & Human Services (HHS) said today that it is withdrawing the final rule from review by the Office of Management and Budget (OMB). According to a brief statement, HHS wants to give breach notification further consideration and intends to publish a final rule in the Federal Register “in the coming months.”

The interim final rule for data breach notification was mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act’s update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HITECH Act gives the Office for Civil Rights the power to levy hefty penalties on organizations — and business associates, who are now covered entities under HIPAA — who fall victim to a data breach.

Since going into effect last September, the interim final rule has, not surprisingly, resulted in additional data breach notifications. However, members of Congress took umbrage with the interim final rule’s material harm threshold, which, they said, was not in the spirit of the HITECH Act. (This means that providers must notify patients about a data breach if the providers determine that the breach results in material harm.) Ultimately, that’s why the rule was withdrawn from OMB review, Modern Healthcare reports (registration required).

The rule is still in effect, though, as its withdrawal does not mean that providers no longer have to abide by it. Whether the harm threshold will change remains to be seen. Stay tuned.

4  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • SearchHealthIT
    #HIPAA breach notification final rule pulled from OMB review; still in effect https://bit.ly/bILtYi #HITECH #healthIT
    0 pointsBadges:
    report
  • Jenny Laurello
    Breach notification final rule withdrawn from OMB review https://bit.ly/9eTcay #HIPAA #HIT HealthIT #HITPol
    0 pointsBadges:
    report
  • Accellion
    RT @HITExchange: Breach notification final rule withdrawn from OMB review https://bit.ly/9eTcay #HIPAA #HIT HealthIT #HITPol
    0 pointsBadges:
    report
  • Beastwood
    Additional coverage of the breach notification rule withdrawal has emerged since Friday. Here’s a quick roundup: [ULIST][A href="http://www.healthcareitnews.com/news/hhs-withdrawal-breach-notification-rule-pleases-privacy-advocates "]Healthcare IT News[/A] speaks to the organization Patient Privacy Rights, which had likened the harm threshold to “letting the fox guard the hen house” and was pleased to see it being reconsidered. [A href="http://www.healthleadersmedia.com/content/TEC-254602/OCR-Breach-Notification-Final-Rule-Under-Review.html"]HealthLeaders Media[/A] asks if the OMB if the withdrawal was directly related to Congressional opposition to the harm threshold and receives a “No comment.” In a related story, [A href="http://www.eweek.com/c/a/Health-Care-IT/Data-Breaches-Hit-113-Health-Care-Organizations-Report-Says-799761 "]eWEEK[/A] notes that there have been data breaches at 113 health care organizations so far in 2010. This compares to only 38 financial institutions and suggests that banks are far better at monitoring database activity.[/ULIST]
    2,000 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: