Friday, February 19, 2010

Breach Prevention is Critical as HIPAA Compliance Worlds Collide

Privacy and security officers have to comply with more rules than ever. The Federal Trade Commission’s Red Flags rule, existing HIPAA laws, and the new Health Information Technology for Economic and Clinical Health (HITECH) Act require that covered entities:


  • Protect patient information with technical, administrative, and physical safeguards (HIPAA)

  • Lessen the negative effect of unauthorized disclosure (HIPAA)

  • Notify patients within 60 days of breaches that involve unsecured personal health information (PHI) and pose a significant risk of financial, reputational, or other harm (HITECH; enforcement effective February 17)

  • Inform HHS of breaches (HITECH; enforcement effective February 17)

  • Establish an identity theft prevention program with policies and procedures to detect, prevent, and mitigate identity theft (Red Flags Rule; enforcement effective June 1)

Read more at Health Media Leaders.
