Type: News Clips
Brad Rostolsky was interviewed for a podcast and accompanying article entitled “Mega-Breaches: Notification Lessons." Brad encourages health care entities preparing for potential data breaches to consider not only those notification requirements laid out under HIPAA, but also the various applicable state law requirements for breach notification. In some cases, the state regulations call for a much shorter breach notification timeline than HIPAA, and the defined parameters of a breach may vary as well. Brad also discusses several other differences between federal and state health care security regulations, including breach determination and encryption requirements.