One-Hour Breach Notification Out of Final HIX Rule? Yes and No
Joseph Goedert reports:
The Centers for Medicare and Medicaid Services, in a final rule setting standards for health plans operating in state health insurance exchanges, has dropped a proposed requirement that privacy and security incidents be reported within one hour of discovery, while at the same time noting it is still required by other regulations.
Read more on HealthData Management.