Manatt Health Partner Discusses Tough HIPAA Rule
"New HIPAA Rule Seen as Tougher"
Healthcare IT News
January 18, 2013 - Manatt's Robert Belfort, a partner in the firm's Healthcare Division, discussed with Healthcare IT News a recently released HIPAA privacy and security final rule that will significantly impact the industry.
"The one that will probably get the most attention is the definition of a breach," Belfort said. "There's been a lot of controversy over the 'risk of harm' standard."
The proposed rule held that there would be no breach unless there was significant risk of harm to the individual, but the U.S. Department of Health and Human Services indicated that it might rethink that, Belfort explained, and in the omnibus rule replaced it with an assessment of whether the improper disclosure compromises PHI (protected health information).
"The burden is on the covered entity to show that there's a low probability that the information has been compromised. There are two changes there," Belfort said. "Number one, the focus of the assessment is no longer on the harm to the patient but whether the information has been compromised and, secondly, the burden of proof is clearly on the covered entity so if it can't be determined pretty clearly that there is a low probability the information has been compromised, the covered entity has to treat it as a breach."
Belfort views the final rule as HHS navigating the middle ground between privacy advocates arguing that any improper disclosure should be treated as a breach and those who wanted to retain the risk of harm standard.
Read the article here.