HIPAA Final Rule Drops ‘Risk of Harm’ Standard.
In its HIPAA final rue, HHS chose to drop the harm standard that a breach does not occur unless the disclosure poses "a significant risk of financial, reputational, or other harm to an individual." Instead, a breach notification is necessary in all situations except those in which the provider demonstrates that there is a low probability that the protected health information has been compromised.
The final HIPAA Omnibus Rule, delayed for almost a year, was finally released on Jan. 17.
The rule actually combines four separate rulemakings, including the changes to HIPAA privacy and security rules required under the HITECH Act; data breach enforcement and penalty requirements; regulations related to the HITECH Act's breach notification rule; and changes to HIPAA to incorporate the Genetic Information Nondiscrimination Act.
HIPAA Final Rule Drops ‘Risk of Harm’ Standard.
Leave a Reply
You must be logged in to post a comment.