HHS issues HITECH breach notification interim final rule
The U.S. Department of Health and Human Services (HHS) issued its interim final rule concerning notification of breaches of health information by HIPAA-covered entities. The rule was published in the Federal Register yesterday, and will become effective 30 days from then.
The Federal Trade Commission recently issued a companion breach notification rule that covers vendors of personal health records and certain other entities not covered under HIPAA.
HHS’ rule can be found here (pdf).