Proposed legislation the White House is sending to Congress to fight cyber attacks includes more protections for consumers than new requirements on companies to better protect the data that they hold. But one of the new requirements would appear to compel a major change in the HIPAA breach notification rule.

The legislation if enacted would establish a national standard for "companies" to notify affected individuals of a breach 30 days from discovery of the breach. Assuming that healthcare covered entities and business associates would be considered “companies,” that would mean the current HIPAA standard of notifying patients of a breach no later than 60 days after discovery would be preempted.

Register or login for access to this item and much more

All Employee Benefit News content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access