Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

HHS To Examine Breach Notification and Risk Mitigation Plans

By Hunton & Williams LLP on May 24, 2010

The Office for Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) has announced that it will more closely examine covered entities’ breach notification and risk mitigation plans.  OCR noted that small and medium sized covered entities have been particularly vulnerable to data breaches.  The National Institute of Standards and Technology (“NIST”) will publish a guide for covered entities that “outlines the steps to mitigate risks for data breaches, training for how to respond to breaches, and overall preparation in the event of a breach, such as alternate storage facilities for data.”

As previously discussed on this blog, OCR has announced an uptick in HIPAA Security Rule enforcement and issued draft guidance regarding the “risk analysis” implementation specification in the Security Rule.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy & Information Security Law Blog
  • Organization:
    Hunton Andrews Kurth LLP

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo