HHS introduces new data breach notification ruling

2009-08-24

Healthcare providers as well as health plans and other bodies in the US covered by the Health Insurance Portability and Accountability Act are to be required to notify people when a data breach occurs affecting their information.

The data breach notification regulations have been developed by the HHS Office for Civil Rights (OCR) and were announced by the US Department of Health and Human Services (HHS).

Under the new ruling, a data breach notification needs to be sent to the HHS secretary and the media in incidents where a breach affects over 500 individuals.

Robinsue Frohboese, acting director and principal deputy director of OCR, said: "This new federal law ensures that covered entities and business associates are accountable to the department and to individuals for proper safeguarding of the private information entrusted to their care."

The HHS is the US government's principal agency for protecting the health of Americans and providing vital human services.

Read more security news.