One-hour notification mandate for HIX dropped but only because it's already covered

Beth Walsh | | Health Exec | Policy & Regulations

In response to numerous commenters who said a one-hour notification rule for privacy and security incidents is impractical and unworkable, the Centers for Medicare & Medicaid Services (CMS), in a final rule setting standards for health plans operating in state health insurance exchanges, dropped the proposed requirement.

However, CMS noted the provision wasn’t needed because it’s already in existing legal agreements. “Because the one hour incident response timeline has been included in all the data sharing agreements required under the Affordable Care Act, we have deleted the timing for incident reporting from regulation, proposed in section 155.280(c)(3), and expect it to be addressed through separate agreement," the final rule states.

Health insurance exchanges are set to open for business on Oct. 1 to support open enrollment as consumers compare and purchase health insurance with coverage beginning in January 2014.

Not all the provisions from the proposed rule have been finalized, as some need to be in effect by October while others can wait.

The final rule is available here.

 

Beth Walsh,

Editor

Editor Beth earned a bachelor’s degree in journalism and master’s in health communication. She has worked in hospital, academic and publishing settings over the past 20 years. Beth joined TriMed in 2005, as editor of CMIO and Clinical Innovation + Technology. When not covering all things related to health IT, she spends time with her husband and three children.

Related Content

Cardiologist demand is on the rise—can hospitals keep up?
AdvaMed itemizes AI imperatives for ‘the entire healthcare ecosystem’
UnitedHealth defends $3.3B Amedisys acquisition
DOJ sues to block UnitedHealth’s $3.3B acquisition of home health giant
Private equity firm to buy Summa Health for $485M
Private equity transactions in healthcare down 15% since 2023, report finds

Around the web

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”

Cardiovascular Business
FDA commissioner urges clinicians to join fight against medical misinformation

FDA Commissioner Robert Califf, MD, said the clinical community needs to combat health misinformation at a grassroots level. He warned that patients are immersed in a "sea of misinformation without a compass."

Design by Adaptive Theme
Trimed Popup
Trimed Popup