HIPAA Breach Notification
HIPAA Breach Notification Rule
The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires
HIPAA covered entities and their business associates to provide
notification following a breach of unsecured protected health
information. Similar breach notification provisions, implemented and
enforced by the Federal Trade Commission (FTC), apply to vendors of
personal health records and their third-party service providers,
pursuant to section 13407 of the HITECH Act.
The average cost of a data breach to an organization is $7.2 million.
When you consider the costs of damaged reputations, diminished consumer
confidence and class-action lawsuits, the costs may be higher.
The HIPAA Privacy Rule has been changing: penalties for violations have
significantly increased, and audits of compliance are becoming more
commonplace, particularly following privacy and security breaches. Some
of the changes brought about by the HITECH Act enhance patient rights
but impose technical and procedural burdens on the entities that must
comply.
Existing policies and procedures should be evaluated to ensure
they meet the current requirements, and it is equally important to
consider how your policies will need to be modified to meet the proposed
new rules for access and accounting of disclosures, as well as the new
restrictions on some disclosures that used to be allowed. Plus, all
entities should be aware of the new enforcement and audit requirements
so that they can understand what is at stake with non-compliance.
InfoSight solutions can be customized to your level of risk, the type of
data exposed, the severity of the breach and your budget. From discovery
to resolution, we’ll guide you through the necessary steps to reduce the
risk of a breach and mitigate the effects of the breach, all while
providing high-quality identity theft protection products for those who
have been affected.
If you would like more information regarding HIPAA Breach Notification, contact
us today to discuss your requirements.
Complementary Services
Vulnerability Assessment
IT Risk Assessment
Social Engineering Testing and Training