HIPAA Breach Notification

Information about HIPAA Breach Notification

HIPAA Breach Notification Rule

The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. Similar breach notification provisions implemented and enforced by the Federal Trade Commission (FTC), apply to vendors of personal health records and their third party service providers, pursuant to section 13407 of the HITECH Act.

The average cost of a data breach to an organization is $7.2 million. When you consider the costs of damaged reputations, diminished consumer confidence and class-action lawsuits, the costs may be higher. HIPAA Privacy Rule has been under changes; penalties for violations have significantly increased, audits of compliance are becoming more commonplace, particularly following privacy and security breaches. Some of the changes brought about by the HITECH Act enhances patient rights, but impose technical and procedural burdens on the entities that must comply.

Existing policies and procedures should be evaluated to ensure they meet the current requirements, and it is equally as important to consider how your policies will need to be modified to meet the proposed new rules for access and accounting of disclosures, as well as the new restrictions on some disclosures that used to be allowed. Plus, all entities should be aware of the new enforcement and audit requirements so that they can understand what is at stake with non-compliance.

InfoSight solutions can be customized to your level of risk, the type of data exposed, the severity of the breach and your budget. From discovery to resolution, we’ll guide you through the necessary steps to reduce the risk of a breach and mitigate the effects of the breach, all while providing high-quality identity theft protection products for those who have been affected.

If you would like more information regarding HIPAA Breach Notification, contact us today to discuss your requirements.

Complementary Services
Vulnerability Assessment
IT Risk Assessment
Social Engineering Testing and Training