Today, the Centers for Medicare and Medicaid Services (CMS) requested an "emergency review" of its recently proposed rule that "[Federally-facilitated Exchanges or FFEs], non-Exchange entities associated with FFEs, and State Exchanges must report all privacy and security incidents and breaches to HHS within one hour of discovering the incident or breach." 

We reported on the

Are you a “non-Exchange entity” with respect to the healthcare exchanges coming later this year? If so you may become subject to a one-hour breach notification mandate.
Continue Reading One Hour Breach Notification Mandate Proposed Regarding Obamacare Health Exchanges