HHS quietly withdraws HIPAA breach-notification rule
Following a firestorm of criticism from privacy advocates who say federal officials gave too much leeway to healthcare organizations that inadvertently disclose protected health information, HHS has without fanfare withdrawn its HIPAA “breach notification” final rule that had been submitted to the White House for budgetary approval.
The move was “to allow for further consideration, given the department’s experience to date in administering the regulations,” the HHS Office for Civil Rights posted on its website late Wednesday. “This is a complex issue and the administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur,” OCR explained…
…The decision thrilled the Patient Privacy Rights Foundation, headed by noted privacy watchdog Dr. Deborah Peel, which had been adamantly opposed to the so-called “harm standard.”
See the PPR Press Release supporting this decision.