HIPAA Final Rule Drops ‘Risk of Harm’ Standard.

In its HIPAA final rue, HHS chose to drop the harm standard that a breach does not occur unless the disclosure poses "a significant risk of financial, reputational, or other harm to an individual." Instead, a breach notification is necessary in all situations except those in which the provider demonstrates that there is a low probability that the protected health information has been compromised.

The final HIPAA Omnibus Rule, delayed for almost a year, was finally released on Jan. 17.

The rule actually combines four separate rulemakings, including the changes to HIPAA privacy and security rules required under the HITECH Act; data breach enforcement and penalty requirements; regulations related to the HITECH Act's breach notification rule; and changes to HIPAA to incorporate the Genetic Information Nondiscrimination Act.

read more

HIPAA Final Rule Drops ‘Risk of Harm’ Standard.

Read more: HIPAA Final Rule Drops ‘Risk of Harm’ Standard