HITECH Deadline Looms Over Covered Entities
Recent changes enacted as part of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and its implementing regulations require Covered Entities and their Business Associates to implement Security Breach Notification procedures and may require revisions to existing Business Associate Agreements (“BAAs”). HITECH was passed as part of the American Recovery and Reinvestment Act of 2009 (“ARRA”). The new requirements became effective September 23, 2009, following the publication of the Department of Health and Human Services (“DHHS”) Security Breach Notification Interim Final Rule (the Interim Rule) in August of 2009. Their enforcement begins on February 23, 2010.
HITECH requires Covered Entities to report to the affected patient, and in some cases to the Centers for Medicare and Medicaid Services(CMS) and/or the local media, any breach to the security of “unsecure” protected health information (“PHI”) held in electronic form. The law applies to Business Associates and BAAs are required to incorporate specific provisions of the law. Accordingly, all Covered Entities and Business Associates should review their BAAs and policies/procedures to ensure compliance with HITECH.
Related posts:
- HIPAA Breach Notification Rules for Unsecured Protected Health Information Issued On August 24, 2009, the Department of Health and Human...
- FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule At the request of Members of Congress, the Federal Trade...
- Hawaii Legal Alert: FTC Announces Delay in Red Flags Rule Until November 2009 The Federal Trade Commission ("FTC") announced that it is extending...
- Hawaii Businesses Should Prepare for Red Flags Rule The FTC recently announced that it is postponing implementation of...
- Jail Term for Hawaii Employee for Misusing Personal Health Information: Compliance with HIPAA Critical for Hawaii Employers In June 2009, a 22-year-old Honolulu mother of three young...