From: Health Data Management
Proposed legislation the White House is sending to Congress to fight cyber attacks includes more protections for consumers than new requirements on companies to better protect the data that they hold. But one of the new requirements would appear to compel a major change in the HIPAA breach notification rule.
The legislation if enacted would establish a national standard for “companies” to notify affected individuals of a breach 30 days from discovery of the breach. Assuming that healthcare covered entities and business associates would be considered “companies,” that would mean the current HIPAA standard of notifying patients of a breach no later than 60 days after discovery would be preempted.
Leave a Reply