
Privacy Alert: New Health Care Data Breach Notification Rules Take Effect September 23

by Tom Ahearn 9/23/2009 11:35:00 AM

In an effort to better protect the privacy of patients, the U.S. Department of Health and Human Services (HHS) has issued new data breach notification regulations that take effect September 23. The regulations require health care providers and other entities covered by the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their unsecured personal health information is breached.

According to the HHS press release, these new “breach notification” regulations protecting patient privacy – which implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009 (ARRA) – require health care providers and other HIPAA covered entities to promptly notify affected individuals, the HHS Secretary, and the media in cases where a breach affects more than 500 individuals (breaches affecting fewer than 500 individuals will be reported to the HHS annually).

The breach notification regulations only apply to “unsecured” health information. The published interim final rule for Breach Notification for Unsecured Protected Health Information defines “breach” as the “unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of the protected health information.” Furthermore, “unsecured protected health information” is defined as “protected health information that is not secured through the use of a technology or methodology specified by the (HHS).”

However, in a development criticized by many privacy advocates, a “harm threshold” was added to the interim final rule stating that if a data breach occurs, health care organizations should conduct a risk assessment and only issue notifications if they believe disclosure of the information “poses a significant risk of financial, reputational, or other harm to the individual.”

Despite worries about how the “harm threshold” will lessen privacy standards, health care data breaches – which according to the Identity Theft Resource Center accounted for two-thirds (over 66 percent) of all records breached this past year – will not be tolerated as before, and health care providers and HIPAA covered entities need to strengthen policies and procedures regarding the protection of patient privacy.

Data privacy – whether concerning patient information from health care providers or consumer information handled by businesses in other industries – has become an important and demanding issue in today’s technologically oriented world, and the need to secure the privacy of personal information will continue to grow as technology expands further into all areas of an individual’s everyday life.

Pre-Employ.com – a nationally recognized pre-employment screening provider – believes good data privacy equals good business. For more information about data privacy, view a complimentary webinar on demand at www.pre-employ.com/webinars/Data-Privacy-Webinars.aspx. For more information about Pre-Employ.com, take a tour at www.pre-employ.com/Tour/, visit www.pre-employ.com, email info@pre-employ.com, call 1-800-300-1821, or follow on Twitter at www.twitter.com/PreEmploy.

tahearn@pre-employ.com
