BREACH NOTIFICATION RULE, cont’d

ACTION STEPS:
– Evaluate whether encryption is feasible
– Review/revise BAAs (which entity is going to provide notice to individuals and bear costs)
– Review/revise Notice of Privacy Practices (must state individuals will be notified if there is a breach of their unsecured PHI)
– Revise policies and procedures to address new standard
– Train workforce members on the new standard and the importance of promptly reporting potential impermissible uses and disclosures