HHS Settles First Enforcement Action Relating to a Breach Affecting Fewer than 500 Individuals On January 2, 2013, the Department of Health and Human Services (“HHS”) announced <http://www.hhs.gov/news/press/2013pres/01/20130102a.html> a resolution agreement<http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/honi-agreement.pdf>and $50,000 settlement with Hospice of North Idaho (“HONI”) for a breach that affected 441 individuals. This action is notable because prior HHS enforcement actions relating to breaches have involved a greater number of affected individuals (for example, the first breach-related enforcement action<http://www.huntonprivacyblog.com/2012/03/articles/hhs-settles-first-breach-notification-rule-case-for-1-5-million/>in March 2012 affected more than 1 million). The Health Information Technology for Economic and Clinical Health (“HITECH”) Breach Notification Rule sets 500 as a threshold number of affected individuals triggering certain notification requirements such as the obligation to notify HHS within 60 days of discovery of the breach. http://bit.ly/TC43jG Source: http://www.huntonprivacyblog.com/2013/01/articles/hhs-settles-first-enforcement-action-relating-to-a-breach-affecting-fewer-than-500-individuals/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+PrivacyInformationSecurityLawBlog+(Privacy+%26+Information+Security+Law+Blog)&utm_content=Google+Reader See if people are clicking on this link: http://bit.ly/TC43jG+ Try the bitly.com sidebar to see who is talking about a page on the web: http://bitly.com/pages/sidebar List archives at http://lists.ufl.edu/archives/recmgmt-l.html Contact [log in to unmask] for assistance To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message. mailto:[log in to unmask]