
Understanding the final regulations for the new HIPAA Breach Notification Rule



The final regulations for the new HIPAA Breach Notification Rule place a far greater burden on Covered Entities (CEs) and Business Associates (BAs) than before. It is not enough for them to just notify individuals whose Protected Health Information (PHI) has been affected. To determine whether a breach occurred, they must follow and document a very specific process. Their work does not end there. If no Breach occurred, documentary evidence to this effect must be compiled and kept for six years. In the event of a Breach, CEs and BAs must make timely notifications and document these and any other actions taken.

Huge number of breaches

Experience shows that a breach or an incident can happen at any time. From September 2009 to May 31, 2015, over 173,000 separate breaches of PHI affecting fewer than 500 individuals and 1,240 reports of PHI breaches affecting more than 500 individuals were reported to the U.S. Department of Health and Human Services (HHS).

The HHS has very stringent and often hairsplitting definitions of a breach. It considers an acquisition, access, use, or disclosure of PHI not permitted by the Privacy Rule to be a Breach unless it falls within an exception or the Covered Entity or Business Associate can demonstrate a low probability that the PHI was compromised. Not every suspected breach turns out to be a breach, but the CE or BA should know the rules well enough to assess each incident and, where it was not a breach, to prove that.

Other aspects of a breach notification


A CE or BA should notify prominent media outlets in the region whenever a breach affecting 500 or more individuals happens. At times, they would have to publicly announce that a breach did not occur. They should also guard against the huge black market for PHI. It is a fact that phishers, hackers and burglars are constantly making attempts to get PHI. The FBI reported in 2014 that medical identity information commands $50 on the black market, while a credit card or Social Security Number sells for $1.

A learning session to help unravel the complexities of the Rule

To help make sense of the final regulations for the new HIPAA Breach Notification Rule, a webinar is being organized by MentorHealth, a highly reputable provider of professional trainings for the healthcare industry. Paul R. Hales, J.D., who is an attorney at law and specializes in the HIPAA Privacy and Security Rules, will be the speaker at this webinar. To enroll for this webinar, log on to

This session will offer a clear understanding of the new HIPAA Breach Notification Rule and of how CEs and BAs can protect patient information, which will help them to prevent a breach. At this webinar, Paul will explain the following:

What Covered Entities and Business Associates must do to comply with the Breach Notification Rule

What is and is not a Breach

Who must be notified in case of a Breach

When notifications must be provided

What information must be contained in each notification

Other requirements in case of a Breach


o Mitigate harm to affected individuals

o Protect against further Breaches

o Document everything

Planning and preparation for the worst – public relations and mitigation strategies to limit damage to the organization’s reputation and financial well-being

MentorHealth is a comprehensive training source for healthcare professionals. Our trainings are high on value, but not on cost. MentorHealth is the right training solution for healthcare professionals. With MentorHealth, healthcare professionals can make use of the best benefits relating to their professional training.
