Though on Aug. 4 it withdrew its Interim Final Rule regarding HIPAA security breach notifications, the Department of Health and Human Services (HHS) has since clarified on its Web site that the suspended rule of Sept. 23, 2009, remains in effect.

"This is a complex issue and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur," the site explained.  "We intend to publish a final rule in the Federal Register in the coming months."

The breach notification rule is required due to the passage of the Health Information Technology for Clinical and Economic Health (HITECH) Act of 2009, which augmented the 1996 Health Insurance Portability and Accountability Act (HIPAA).

A breach refers to the unauthorized public exposure of protected health information (PHI) in electronic or print format.

Please visit Personnel Concepts’ HIPAA and COBRA Compliance section on our Web site for a wide array of tools and kits available to help your business master all medical record and health insurance requirements.