Monday, April 26, 2010

The Breach Notification Rule

On September 23, 2009, Section 164.408 of the breach notification interim final rule became effective, which implements section 13402(e)(3) of the HITECH Act.

If you are reading this blog, chances are you know what this means. However, if you don't necessarily know the ins and outs of the regulations, this section requires covered entities to provide notification of breaches of unsecured protected health information directly to the Secretary of HHS.

More importantly, breaches that affect 500 or more individuals must be reported to HHS within sixty days and covered entities must provide this notification via the online form on the Office for Civil Rights (OCR) website. (Note - A covered entity is any health plan or company who transmits health information, this includes Merrill Corp.) By posting this information on the HHS website, OCR has met its HITECH Act obligation of making this information public. The list of the covered entities that have reported such breaches, along with other relevant information about each breach, is consistently updated and available here.

This new rule is just another example of the tightening regulations affecting the healthcare industry as HHS, CMS and other regulatory bodies continue to focus on data management. Because of this increasing regulation, health plans are going to need and experienced partner- like Merrill- now, more than ever before.

Merrill is uniquely positioned to help health plans remain compliant in the execution of their member communications. While our compliance-driven message is new to the industry, it is one that has been resonating.

For more information on this regulation, visit the OCR website, and also, continue to visit this blog as I continue my ongoing research to offer new insight into the inner workings of the Health Reform and the future of the healthcare industry.


Pam Argeris is a thought leader in the Healthcare Industry and possesses extensive, hands-on experience with CMS compliance, and multiple regulatory bodies such as NCQA, JACHO, and DOI. In her role at Merrill Corp., Pam focuses on developing solutions for compliance and quality assurance, delivered in a cost effective manner to improve beneficiary and prospect communications. You can contact Pam at

No comments:

Post a Comment