Enforcement Deadline Looms for HITECH Security Breach Notification


Recent changes enacted as part of the Health Information Technology for

Economic and Clinical Health Act (HITECH) and its implementing regulations

require Covered Entities (CEs) and their Business Associates (BAs) to

implement Security Breach Notification procedures and may require revisions

to existing Business Associate Agreements (BAAs). HITECH was passed as a

part of the vast economic stimulus bill known as the American Recovery and

Reinvestment Act of 2009 (ARRA). The new requirements became effective

September 23, 2009, following the publication of the Department of Health and

Human Services (DHHS) Security Breach Notification Interim Final Rule (the

Interim Rule) in August of 2009. Their enforcement, however, begins on

February 23, 2010. If you have not already reviewed your existing BAAs, or

instituted compliant Breach Notification policies and procedures, now is an

excellent time to start. Joshua J. Freemire of Ober|Kaler highlights some of the details of the Interim Rule.

LOADING PDF: If there are any problems, click here to download the file.

Written by:


Baker Donelson on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.