News Stay informed about the latest enterprise technology news and product updates.

Breach notification final rule withdrawn from OMB review

Health care officials have been waiting months for federal officials to finalize the breach notification final rule. That wait will continue, though it won’t impact the way providers do business.

The Department of Health & Human Services (HHS) said today that it is withdrawing the final rule from review by the Office of Management and Budget (OMB). According to a brief statement, HHS wants to give breach notification further consideration and intends to publish a final rule in the Federal Register “in the coming months.”

The interim final rule for data breach notification was mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act’s update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The HITECH Act gives the Office for Civil Rights the power to levy hefty penalties on organizations — and business associates, who are now covered entities under HIPAA — who fall victim to a data breach.

Since going into effect last September, the interim final rule has, not surprisingly, resulted in additional data breach notifications. However, members of Congress took umbrage with the interim final rule’s material harm threshold, which, they said, was not in the spirit of the HITECH Act. (This means that providers must notify patients about a data breach if the providers determine that the breach results in material harm.) Ultimately, that’s why the rule was withdrawn from OMB review, Modern Healthcare reports (registration required).

The rule is still in effect, though, as its withdrawal does not mean that providers no longer have to abide by it. Whether the harm threshold will change remains to be seen. Stay tuned.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

#HIPAA breach notification final rule pulled from OMB review; still in effect #HITECH #healthIT
Breach notification final rule withdrawn from OMB review #HIPAA #HIT HealthIT #HITPol
RT @HITExchange: Breach notification final rule withdrawn from OMB review #HIPAA #HIT HealthIT #HITPol
Additional coverage of the breach notification rule withdrawal has emerged since Friday. Here’s a quick roundup: [ULIST][A href=" "]Healthcare IT News[/A] speaks to the organization Patient Privacy Rights, which had likened the harm threshold to “letting the fox guard the hen house” and was pleased to see it being reconsidered. [A href=""]HealthLeaders Media[/A] asks if the OMB if the withdrawal was directly related to Congressional opposition to the harm threshold and receives a “No comment.” In a related story, [A href=" "]eWEEK[/A] notes that there have been data breaches at 113 health care organizations so far in 2010. This compares to only 38 financial institutions and suggests that banks are far better at monitoring database activity.[/ULIST]