HIPAA Blog

[ Monday, May 23, 2022 ]

 

FTC Blog Post on Breach Notification: Getting any sort of guidance from regulatory agencies on the agency's concerns and thoughts about prosecuting violators is always good, even though I'd prefer clearer regulations so that guidance isn't necessary.  Notwithstanding that nit, the FTC has issued a blog post highlighting their concerns regarding the strong rationale for notifying individuals in the event of a breach (whether it's a HIPAA breach or entirely unrelated to healthcare).  While HIPAA covered entities must meet HIPAA's breach notification requirements, and all 50 states have their own state-specific breach notification requirements, if your analysis ever leads you to believe that you don't have an obligation to report under HIPAA or state law (e.g., you're not technically a HIPAA-covered entity), don't forget FTC's requirements as well.


Jeff [1:13 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template