The Department of Health and Human Services (HHS) announced yesterday that it was temporarily withdrawing the breach notification final rule from review of the Office of Management and Budget (OMB) to allow HHS further time to consider these regulations. The breach notification rule, among other things, requires covered entities to notify individuals whose protected health information (as defined by HIPAA) has been compromised or breached. HHS’s explanation for the withdrawal was that breach notification was "a complex issue and the Administration is committed to ensuring that individuals’ health information is secured to the extent possible to avoid unauthorized uses and disclosures, and that individuals are appropriately notified when incidents do occur." HHS stated that it intends to publish a final rule in the coming months.