HIPAA Breach Notification Rule: A Crucial Part of HIPAA Privacy and Security Rules

Older Medical Records File Cabinet

Our Healthcare Lawyers — Who Specialize in HIPAA Violations, HIPAA Reporting, and HIPAA Privacy Matters — Explain This Important Provision

What is the HIPAA Breach Notification Rule?

The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, originally published in August 2009, is an extremely important but often overlooked provision of the Health Insurance Portability and Accountability Act (“HIPAA”), and healthcare providers should take note of what it is for.

A breach (or compromise) to the security or privacy of protected health information (“PHI”) is defined by the U.S. Department of Health & Human Services (“HHS”) as acquisition, access, use or disclosure that “poses a significant risk of financial, reputational, or other harm to the individual.”

Among other things, the Breach Notification Rule requires healthcare providers (“Providers”) to demonstrate to HHS that the Provider has taken appropriate remedial measures following the discovery of breach or disclosure of unsecured PHI.

Providers who can demonstrate this may avoid or limit their liability related to the alleged breach. Remedial measures include notice to patients and others of the impermissible use or disclosure that compromised the security or privacy of the PHI.

What is New About the HIPAA Breach Notification Rule?

For licensed health care professionals and providers already familiar with the HIPAA Breach Notification Rule, it is important to recognize that the rule recently underwent significant changes. 

In January 2013, HHS published a final rule that included modifications to HIPAA’s Privacy and Security Rules. A main area affected by this update is the addition of obligations on providers and their business associates to identify and report breaches of PHI. 

Under the previous “harm standard,” providers had discretion as to whether a breach was reportable, based on whether that breach would result in a significant risk of financial or reputational harm.  The HHS decision to change the “harm standard” was due to its inconsistent application by providers.

The new standard, as announced in the final rule, presumes that any unauthorized use or disclosure of unsecured PHI is a reportable breach. Providers can refute that presumption only by determining there is a low probability that the PHI has been compromised.

There are many nuances to the HIPAA Breach Notification Rule, and providers must know whether they are required to notify:

  • the individual affected by the breach of unsecured PHI;
  • the Secretary of HHS; and/or 
  • in certain circumstances, the media.

In addition, providers must know when their business associates are required to notify them if a breach occurs at or by the business associate.

How Can the National Healthcare Attorneys at Chapman Law Group Help with Data Breaches, HIPAA Violations, HIPAA Compliance, and HIPAA Privacy Matters?

If you believe that a breach of PHI may have occurred, contact us at Chapman Law Group as soon as possible.

As seasoned professionals in compliance laws for health care who handle HIPAA compliance matters for clients and practices nationally, our healthcare compliance and HIPAA attorneys are always keeping with the newest developments and rules for HIPAA, so that we can advise and assist your healthcare practice on what to do next.

The health care compliance attorneys at Chapman Law Group have vast experience in state and federal health care regulations and best practices across the U.S. One of our lawyers is a former Medicare attorney, another is a former Medicaid fraud prosecutor, and each of us holds an LL.M. in Health Law from Loyola University Chicago School of Law — the top school in the U.S. for healthcare law.

Our lawyers for HIPAA violations defense are seasoned to analyze and update healthcare practices for its policies and procedures, to ensure that licensed healthcare providers avoid criminal and civil liabilities for False Claims Act, Anti-Kickback and Stark Law violations — and we defend providers who face related charges. 

Our offices are in Detroit (where we serve the cities of Dearborn, Troy, Ann Arbor, Lansing, and Grand Rapids, as well as the entirety of Michigan); Miami and Sarasota, Florida (for Jacksonville, Tampa, Gainesville, Orlando, West Palm Beach, and the full state of Florida); Los Angeles/Southern California; and Chicago

Contact us today and let us put our know-how to work for you.

Need an Attorney? Contact us now!

.

  • This field is for validation purposes and should be left unchanged.

.

  • This field is for validation purposes and should be left unchanged.

Got A Question?

Contact us now to schedule a consultation.

Other Practice Areas​

Compliance

Related Case Results

Healthcare Audit Defense Attorneys

Here’s what health care providers and practices need to know about Medicare audits, Medicaid audits and third-party payor audits — and how our healthcare defense lawyers can help you.

Read More »

FREE Health Care Newsletter

Stay up to date on the latest news in health care law!

FREE eBook!

Click the link below to download our compliance eBook now!

Got A Question?

Contact us now to schedule a consultation.
Chapman Law Group Favicon

This website uses cookies to ensure you get the best experience on our website.

Send this to a friend