• Covered Entities and Business Associates Must Comply with New Federal Notification Requirements for Breaches of Unsecured Protected Health Information
  • September 15, 2009
  • Law Firm: Drinker Biddle & Reath LLP - Philadelphia Office
  • On August 24, 2009, the U.S. Department of Health and Human Services (HHS) published an interim final rule (the Regulations) implementing the notification requirements for breaches of unsecured protected health information (PHI) enacted under Section 13402 of the Health Information Technology for Economic and Clinical Health Act (HITECH Act). Effective September 23, 2009, covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and their business associates will be required to comply with these new breach notification requirements. To comply with the Regulations, covered entities and business associates should implement policies and procedures for the appropriate risk assessment and, if required, the notification process in the event of a breach of unsecured PHI.