He weighed in with a call for a federal "breach notification standard" to replace data notification laws that vary by state.
Not exact matches
For its part, Congress is currently debating competing cybersecurity bills which would set nationwide data security and patient notification standards following a data breach.
Law seeks to create a unified, federal breach-notification standard that would streamline the requirements for companies in the face of a breach.
The OCR enforces the HIPAA Privacy Rule, which protects the privacy of PHI; the HIPAA Security Rule, which sets national standards for the security of electronic PHI; and the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured PHI.
So far the one statute and one bill on data breach notification in Canada do not prescribe standards of care for secure storage.
In my view, the best path forward, from a cyber policy perspective, is to require regulatory notification of meaningful breach events combined with the developing of a standard of care that is capable of evolving with changing technological means.
Individuals must receive notification only when the breach poses a "real risk of significant harm," a standard Lawford says is difficult to meet and even harder to measure.
Do you understand the protocol set by the standards for breach notification should client PHI be lost, stolen, or otherwise inappropriately used or disclosed?
NAR supports a single Federal standard for data breach notification and will work to see that any legislation enacted is narrowly tailored to protect small businesses from undue compliance burdens.