State Medicaid Agency Breach Protections and Responses
Breaches of unsecured protected health information (PHI), including data held by State Medicaid agencies and their contractors, are a major concern for health care providers and consumers. The Breach Notification Rule (BNR) outlines requirements for health information safeguards and for notifications after the discovery of a breach of unsecured PHI (45 CFR §§ 164.400 414). Beyond the BNR requirements, State Medicaid agencies may establish other requirements that govern their responses to breaches. We will examine the efforts of State Medicaid agencies in conducting oversight and in responding to breaches.
Announced or Revised | Agency | Title | Component | Report Number(s) | Expected Issue Date (FY) |
---|---|---|---|---|---|
Completed | Centers for Medicare & Medicaid Services | State Medicaid Agency Breach Protections and Responses | Office of Evaluation and Inspections | OEI-09-16-00210 | 2018 |