Employee Benefits and Executive Compensation | Health Law Advisory: HHS Issues Rules Relating to Breach Notification and Related Items under the HITECH Act


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) established a comprehensive set of rules regulating, among other things, the privacy and security of medical information. As originally adopted, HIPAA directly regulated only “covered entities,” i.e., health plans, health care clearinghouses, and health care providers that transmit health information electronically in connection with covered transactions. The HIPAA privacy rule established a set of patient rights, including the right of access to one’s medical information, and placed certain limitations on when and how health plans and health care providers may use and disclose protected health information (PHI). The HIPAA security rule specifies a series of administrative, technical, and physical security procedures for providers and plans to use to ensure the confidentiality of electronic health information. HIPAA did not regulate vendors to covered entities—or “business associates,” in the parlance of the final privacy and security rules. Covered entities are, however, required to enter into written agreements with “business associate covenants” in order to share PHI.

Please see full alert below for more information.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mintz Levin - Employment Matters | Attorney Advertising

Written by: Mintz Levin - Employment Matters
