The guidance provides steps to ensure health information security and outlines notification requirements for compromised data.
Guidance from HHS on this subject was required by the American Recovery and Reinvestment Act and was built upon the requirements of the HIPAA Privacy and Security Rules, which remain unchanged.
Additionally, the Federal Trade Commission will publish regulations regarding patient notification of breached data that will apply to vendors of health records not covered by HIPPA.
Read the HHS release on new health information security guidance.
