Little more than one month after the HIPAA breach notification regulations became effective (September 23, 2009), covered entities (health care providers, health plans) and their business associates are struggling with the effects of these new rules. Many are asking:
- What is a breach?
- Do we have to notify in all cases, what are the exceptions?