Medical offices and other businesses that are subject to the federal HIPAA medical-privacy law will have to comply with some new rules from Congress.
The changes include:
► If a breach of privacy occurs, you must now notify the affected individuals within 60 days. (Before, you only had to try to limit the negative effects of a breach.) If the breach affects more than 500 people, you must report the incident to the U.S. Department of Health and Human Services and the media. If 10 or more affected people can’t be contacted directly, you must post the information conspicuously on your website.