Second Example of Compliance

By Gil Sever  |  Posted 2010-03-30

As for the second compliance example, the Department of Health and Human Services (HHS) issued an interim final rule concerning procedures and notification of breaches of unsecured PHI under the Health Insurance Portability and Accountability Act (HIPAA). For breaches that were discovered on or after September 23, 2009, the new rule describes the process for notifying victims of the breach and also extends accountability for a data leak to business associates of the entity holding the PHI.

The rule also clearly specifies what constitutes "protected PHI." In these cases, notification to the affected party is not necessary. If the PHI is encrypted per the guidelines of the National Institute of Standards and Technology (NIST), then notification is not required. If, however, your PHI is unprotected, then the following three actions must occur:

Action No. 1: Within 60 days of the discovery, affected parties must be notified of the breach in clearly understandable language. Furthermore, prominent media must be contacted when over 500 are affected.

Action No. 2: The notification must explain the specifics of what occurred: what type of PHI was leaked and the steps that individuals can take to protect themselves.

Action No. 3: The responsible party must specify the steps it is taking to avoid harm to the affected individuals, such as contact procedures and information for those needing help.

Gil Sever is Founder and Chief Executive Officer of Safend. Prior to founding Safend, Gil held several senior-level positions within the security industry. Gil served as COO of ECTEL, a leading provider of monitoring solutions for IP, telephony and cellular networks. He also held the position of Israel Site Manager and VP of R&D for Aeroscout (formerly Bluesoft), a company focusing on WiFi and Bluetooth location finding. Prior to his positions in the private sector, Gil served 18 years in the Israeli Defense Forces where he managed strategic planning and large-scale R&D groups and projects in the areas of communications, communication protocols and data security. Gil has a Bachelor of Science degree in Electrical Engineering from the Technion (Israel Institute of Technology) and a Master of Science degree in Electrical Engineering from Tel Aviv University. He can be reached at
