The White House on Breach Notification
HITECH Act Applies to Healthcare; New Policy Would Apply to Others
The policy would not apply to healthcare organizations and their business associates that already must comply with the HITECH Act breach notification rule, which has requirements that are somewhat similar. The proposed policy also would not apply to personal health records vendors, which are already covered under a new Federal Trade Commission rule called for under HITECH.
The federal breach notification policy, a component of a comprehensive cybersecurity legislative agenda that the White House unveiled Wednesday, would supersede the divergent laws now in effect in most states (see: Obama Offers Breach Notification Bill).
Healthcare organizations already must comply with an interim final version of the HITECH breach notification rule. A final version will be issued this year as part of an omnibus rulemaking, which also will include HIPAA modifications, a federal official said earlier this week (see: HITECH Mandated Regs Still in Works).