Tuesday, August 25, 2009

Health Care Breach Notification Mandated

Catching up on a few things from last week.

“Two new rules were created this week requiring health care organizations, and other entities that interact with personal health records (PHRs), to issue notifications in the event of a data breach.
Both rules were created as part of the American Recovery and Reinvestment Act of 2009 (ARRA), signed into law by President Obama in February.”

One rule requires organizations subject to HIPAA regulations to notify individuals when breaches of information for 500 people or more occur.

The other rule covers web-based businesses that collect health information from consumers. They must also issue notifications if a breach occurs.

SC Magazine
FTC - 16 CFR Part 318
