The much anticipated “breach notification” rule was recently
published by the Department of Health and Human Services (HHS), Office of
Civil Rights (OCR). As required by the provisions of the Health
Information Technology for Economic and Clinical Health (HITECH) Act, the
rule adds new specifications for covered entities and business associates,
outlining how they must provide notification when "unsecured"
protected health information (PHI) has been breached.
