Recent changes enacted as part of the Health Information Technology for
Economic and Clinical Health Act (HITECH) and its implementing regulations
require Covered Entities (CEs) and their Business Associates (BAs) to
implement Security Breach Notification procedures and may require revisions
to existing Business Associate Agreements (BAAs). HITECH was passed as a
part of the vast economic stimulus bill known as the American Recovery and
Reinvestment Act of 2009 (ARRA). The new requirements became effective
September 23, 2009, following the publication of the Department of Health and
Human Services (DHHS) Security Breach Notification Interim Final Rule (the
Interim Rule) in August of 2009. Their enforcement, however, begins on
February 23, 2010. If you have not already reviewed your existing BAAs, or
instituted compliant Breach Notification policies and procedures, now is an
excellent time to start. Joshua J. Freemire of Ober|Kaler highlights some of the details of the Interim Rule.
Please see full publication below for more information.