LTN Law Technology News
  • Home
  • News
  • Reviews
  • Commentary
  • Surveys
  • Events
  • LegalTech® Directory
  • About LTN
  • Register
  • Topics:
  • E-Discovery & Compliance
  • Litigation Support
  • Practice Management
  • Office Tech
  • Mobile Lawyer
  • Research & Libraries
  • Tech Law

Home > The HIPAA Final Rule Is a Game-Changer for Breach Notification

Font Size: increase font decrease font

Previous

  • 2
  • 3
  • 4

Next

The HIPAA Final Rule Is a Game-Changer for Breach Notification

January 28, 2013

  •    
  •    
  •    
  •      
 

Most of these factors were likely considered previously by CEs, but they were considered in a different context. If a CE or BA concludes that a breach has not occurred, documentation sufficient to meet this burden of proof must be maintained. A decision to notify does not require an analysis of risk because the occurrence of a breach is presumed.

There are also a few requirements that remain the same, even if there was some clarification.

PRE-EMPTION OF STATE LAW

HHS has reminded CEs and BAs that HITECH only pre-empts state law to the extent HITECH is more strict. If a state law is more strict, then the CE and BA must follow the requirements of the state law as HHS considers the regulation to be the federal floor of privacy protection. Depending on the scope of the breach, a state may have more strict requirements involving timeliness of notification, notification to state agencies, and content of the notification letter. Some states such as Florida, Vermont, and Wisconsin for example require notification within 45 days. Other states expect notification within several weeks to 30 days even though the state law does not specify an exact time period. Knowledgeable privacy counsel is critical to advise organizations about these issues because the state statutes (and how they are applied) can be confusing.

ADDRESSABLE STANDARDS

HHS has made clear that the ability to deliver high-quality care must be balanced with compliance issues because each organization is unique and presented with different challenges. This does not mean that compliance takes a backseat to patient care issues, but it does mean that healthcare organizations can continue to document their decision-making process when accepting and addressing risks.

For example, the use of encryption continues to be an addressable standard. This means that it is not required to be adopted by healthcare organizations and vendors. There are several advantages, however, if the technology is implemented. These include safe harbors for breach notification and the ability to show clear compliance with certain HIPAA Security Rule requirements. If an organization decides not to deploy encryption technology, a documented risk assessment is required which details the decisions made by the organization and what other protections are in place to address the safeguarding of ePHI. OCR may disagree with your assessment.Recently, HHS provided guidance for the protection of mobile devices. Some of the protections that should be considered include:

1. Use a password or other user authentication.

2. Install and enable encryption.

3. Install and activate wiping and/or remote disabling.

4. Disable and do not install file-sharing applications.

5. Install and enable a firewall.

Continue reading

Previous

  • 2
  • 3
  • 4

Next



Subscribe to Law Technology News

You must be signed in to comment on an article

Find similar content

Companies, agencies mentioned

    
  • CE
  • British Airways PLC
  • Hitech
  • KPMG LLC
  • Office for Civil Rights
  • United States Department of Health and Human Services

Most viewed stories

    
  1. Redacted Emails Ordered Released in Aaron Swartz Case
    •      
  2. 10 Devices You Should Never Take Along on a Business Trip
    •      
  3. Using Computer Forensics to Investigate IP Theft
    •      
  4. Is Stanford Law the New Vortex of Legal Technology?
    •      
  5. Law Technology News Goin' Mobile With ALM
    •      
  6. Cross This App Off Your To-Do List
    •      
  7. CEIC: the Destination for Digital Investigation
    •      
  8. FTC Warns Companies of Children's Privacy Violations
    •      
  9. Judge Opens Toyota's Secrets to Additional Attorneys
    •      
  10. EDRM Remains Vital to E-Discovery
    •      
lawjobs.com

TOP JOBS

MORE JOBS

POST A JOB

From the Law.com Network

Taking the Reins of Legal Department Operations

In-House Law: Now in 3-D!

News Corp. Hires Ex-Skadden Communications Chief Bush

Law Firm Leaders' Confidence Slipping, Says Survey

Contrite Companies Can Win Forgiveness in Bribery Cases
  •      
    • Subscription Required

Plaintiffs Want to See Toyota's 'Crown Jewels'
  •      
    • Subscription Required

LegalTech West Coast to Kick Off With 'Tech Audit' Keynote

Stanford Law Builds on Role as Legal Tech Incubator

Prolific ADA Plaintiff Faces Nemesis in Harassment Suit

Ullyot Exit Closes Chapter for Facebook

Rothstein Bankruptcy Trustee Files New Reorganization Plan
  •      
    • Subscription Required

Fla. Bar Wants Disbarment for Former Judge
  •      
    • Subscription Required

Appellate Division To Roll Out Electronic Case Filing System

Court Limits Liability for Injury Or Death of One Invited To Help
  •      
    • Subscription Required

The Affordable State-Specific Practice Solution
Available in NY, NJ, PA and CT editions - research, draft and prepare even the most complex cases with ease.

Court Officials Seek to Reform Process of Naming Acting Justices

NYC Defends Police Department's Use of Stop-and-Frisk

Immigrant Investor Program Gets Watchful Eye

Judge Orders Parties to Hire Neutral Expert to Probe Facebook

Law Schools Are Looking Beyond LSATs, Says Mich. Dean

Is Freezing Your Eggs the Solution?

Water Warriors: Local Governments Bring Pollution Suits
  •      
    • Subscription Required

Sanction Reversed; Filing of Sexually Explicit Chat OKd
  •      
    • Subscription Required

Lenders Win On Foreclosures
  •      
    • Subscription Required

Justices: Doc Interviews With Defense Are Attorney Work Product
  •      
    • Subscription Required

Corporate Bribery Case Part Of National Trend
  •      
    • Subscription Required

Court Continues To Grant Lawyers Fraud Immunity
  •      
    • Subscription Required

  • Contact LTN
  • Editorial Guidelines
  • Magazine
  • RSS Feeds
  • LTN Awards
  • Bookstore
  • Site Map
  • About |
  • ALM Properties |
  • ALM Reprints |
  • Customer Support |
  • Privacy Policy |
  • Terms & Conditions |
  • ALM User License Agreement
ALM Media