The White House on Breach Notification

HITECH Act Applies to Healthcare; New Policy Would Apply to Others
An Obama administration proposal for a federal data breach notification policy would apply to all business sectors except healthcare.

The policy would not apply to healthcare organizations and their business associates that already must comply with the HITECH Act breach notification rule, which has requirements that are somewhat similar. The proposed policy also would not apply to personal health records vendors, which are already covered under a new Federal Trade Commission rule called for under HITECH.

The federal breach notification policy, a component of a comprehensive cybersecurity legislative agenda that the White House unveiled Wednesday, would supersede the divergent laws now in effect in most states (see: Obama Offers Breach Notification Bill).

Healthcare organizations already must comply with an interim final version of the HITECH breach notification rule. A final version will be issued this year as part of an omnibus rulemaking, which also will include HIPAA modifications, a federal official said earlier this week (see: HITECH Mandated Regs Still in Works).


About the Author

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



