The HIPAA breach notification rule has two buckets for classifying data breaches – those that involve “protected health information” (PHI) of 500 or more individuals and those that involve fewer than 500 individuals. Since the breach notification rule became effective, the Office of Civil Rights’ (OCR) focus has been on the 500 and over bucket. But no more.
Home > Federal Law Articles > Employee Benefits > HIPAA > Smaller HIPAA Breaches To Get More Attention by Office for Civil Rights