Optum360 coding books logo
    Contact Us   (7 a.m.–7 p.m. CST)
  Home > Coding Central Articles > Coding Central Articles  
Coding Central
Coding Central Home
Inside Track to ICD-10
Coding Central Articles
Code This!
Case Studies
Chargemaster Corner

Articles for:
January 25, 2018

Four Tests Added to List of CLIA Waived Tests

In early January, the Centers for Medicare and Medicaid Services (CMS) announced new waived tests... Learn More

New and Revised Vaccine Codes Added to 2018 CPT Code Book

The American Medical Association (AMA) added and revised several vaccine CPT codes for its 201... Learn More

OIG Recommends Measures for Curbing Opioid Misuse and Fraud

Office of Inspector General testimony before the House Committee on Ways and Means in January ... Learn More

View Article Archive

To subscribe, paste this link into your preferred feedreader, or click on one of the buttons below:

Medical Coding News Archives

Breach Notification Rules Effective February 22

February 23, 2010:

The interim final rule, titled Breach Notification for Unsecured Protected Health Information, published in the Federal Register on August 24, 2009, requires that providers take extraordinary measures when patients’ medical information is released to unauthorized persons.

More specifically this interim final rule does the following:
  • Requests comments on requiring notification of breaches of unsecured protected health information (PHI). This is a final rule, but the Department of Health and Human Services (HHS) will likely refine its policies in the future to accommodate some of the comments received.
  • Provides updated guidance on what information is “unsecured protected health information.”
  • Specifies techniques and methodologies that render PHI unusable, unreadable, or indecipherable to unauthorized individuals.

Overall, this rule creates regulations to implement the requirements and actions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which is part of the American Recovery and Reinvestment Act (ARRA).

The breach notification rule applies to breaches that occur on or after 30 days from the August 24 date of publication of this interim final rule. The effective date was September 23, 2009, but the Department of Health and Human Services extended the time frame for becoming completely compliant with the new regulations. The agency will use “enforcement discretion” and not impose sanctions for failure to provide the required notifications for breaches that are discovered before 180 calendar days from the publication of this rule, making full-scale compliance with the new rule required by February 22, 2010.

A breach is defined as the unauthorized acquisition, access, use, or disclosure of PHI that compromises the security or privacy of the PHI. The exceptions to a breach are:
  • Disclosures in which the recipient of the information would not reasonably have been able to retain the information
  • Certain unintentional acquisition
  • Access or use of information by employees or persons acting under the authority of a covered entity or business associate
  • Certain inadvertent disclosures among persons similarly authorized to access protected health information (PHI) at a business associate or covered entity

PHI is individually identifiable health information that is transmitted or maintained in any form or medium, including electronic information. Note that this breach notification rule applies only to PHI.

Deborah C. Hall
Clinical/Technical Editor


Sign in to
Your Account
Forgot your username?
Forgot your password?
Don't have an account?
It's easy to create one.
Promo code

Have a promotional source code? Enter it here:

What is this?