The 47-page guide offers a good overview of critical issues. It will be particularly useful to smaller organizations, especially physician group practices that lack information security staff. It offers a 10-step plan for addressing privacy and security when preparing for participation in the HITECH Act. But we need more, including more detailed guidance for larger organizations, says John Defterios. He’s looking forward to the final version of the HIPAA breach notification rule, and accompanying guidance, that hopefully will greatly clarify how to determine if a breach needs to be reported.”]
Source: https://www.govinfosecurity.com/blogs/privacy-guidance-important-step-p-1268