Need a Quick Primer on HHS' Breach Notification Regulations?
Check Out AAFP's 'CliffsNotes' Version
By News Staff
10/13/2009
The Academy has unveiled a new resource that should help family physicians interpret language regarding new requirements from HHS that compel covered entities and their business associates to notify individuals if their health information is released inappropriately, or breached.
The HHS requirements are outlined in the Health Information Technology for Economic and Clinical Health, or HITECH, Act, which was part of the American Recovery and Reinvestment Act of 2009. The 32-page notice of the interim final rule was published in the Aug. 24 Federal Register (32-page PDF; About PDFs).
Steven Waldren, M.D., director of the Academy's Center for Health IT, has summarized pertinent details in the interim rule and posted that information online for members to review.
"This is fairly dense language, as is often the case with government regulatory efforts," said Waldren. "In an effort to save members time and frustration, I zeroed in on a few sections of the regulations that are most likely to impact family physicians' practices."
He noted that the interim rule was effective on Sept. 29 but could be modified based on public comments received by HHS on or before Oct. 23.
In his explanation of the HHS regulations, Waldren answers questions such as
Steven Waldren, M.D., director of the Academy's Center for Health IT, has summarized pertinent details in the interim rule and posted that information online for members to review.
"This is fairly dense language, as is often the case with government regulatory efforts," said Waldren. "In an effort to save members time and frustration, I zeroed in on a few sections of the regulations that are most likely to impact family physicians' practices."
He noted that the interim rule was effective on Sept. 29 but could be modified based on public comments received by HHS on or before Oct. 23.
In his explanation of the HHS regulations, Waldren answers questions such as
- What exactly is unsecured protected health information?
- How does HHS define a breach of information?
- When, if ever, are there exceptions to the breach rule?
- Who must be notified in the event of a breach?
- What form must that notification take?
In addition, Waldren provides tips on how members can ease compliance with the regulations. A list of additional government resources also is included.
Practice Management
CMS Extends 2010 Medicare Provider Enrollment Period
Federal Health IT Standards Committee Seeks Physician Input
FPM's User Satisfaction Survey Can Help With EHR Choices
CMS Tightens Ordering, Referring Rules
EHR Data Valuable Health System Commodity
TransforMED, Welch Allyn Partner to Offer EHR Selection Program
U.S. Readiness for P4P Implementation Behind That of U.K.
AAFP Offers Primer on HHS' Breach Notification Regs
Consumers Vague on Value of Health IT
AAFP Web Resource Updates Payer Instructions for Giving H1N1 Vaccine
Major Payers Give Coding Instructions for H1N1 Vaccine Payment
Related ANN Coverage
Stimulus Package Includes New HIPAA Security Rules
Small Practices Face Greatest Financial Impact
(3/18/2009)
Experts Urge Congress to Move Ahead With HIT Carefully
(1/21/2009)
More From AAFP
HIPAA Privacy
HIPAA Security
Additional Resource
HHS News Release: "HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information"
Stimulus Package Includes New HIPAA Security Rules
Small Practices Face Greatest Financial Impact
(3/18/2009)
Experts Urge Congress to Move Ahead With HIT Carefully
(1/21/2009)
More From AAFP
HIPAA Privacy
HIPAA Security
Additional Resource
HHS News Release: "HHS Issues Rule Requiring Individuals Be Notified of Breaches of Their Health Information"








