Lora Bentley, in her recent posting in the ITBusinessEdge blog, wants to remind us that the data breach notification rule promulgated by the U.S. Department of Health and Human Services (HHS) pursuant to the HITECH Act, even applies to individuals the covered entity knows to be deceased.

Given the fact that each state and territory law has its own position on this rule, and, in fact, where some do not have such a stipulation of notice regarding deceased persons, each organization must pay careful attention to protect themselves from potential privacy breach lawsuits stemming from the HHS rule. 

Click here to read this article and remember to follow the link within this article to the HHS rule as published in the Federal Register for public comment.