HHS withdraws breach notification rule in wake of $1M Rite Aid case

The Department of Health and Human Services (HHS) has withdrawn its final breach notification rule for unsecured protected health information. Some speculate that the withdrawal was prompted by the recent case involving Rite Aid Corp., where the company allegedly failed to protect discarded customer prescription information. HHS plans to publish a new final rule in the coming months. Patient Privacy Rights supports the withdrawal of the rule, as it did not allow for patients to be notified in all instances of a breach.