New breach notification rules have been in effect that call for immediate notification of a patient if her personal data are leaked.
As of September 23, 2009, new breach notification rules have been in effect that call for immediate notification of a patient if his or her personal data are leaked. The rules, issued by the US Department of Health and Human Services, define a breach as "the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information." According to American Medical News (9/14/09), the rules also spell out what to do in case employees see information they are not supposed to view. Depending on the circumstances, this type of breach may not need to be reported. The new rules also call for the following: