• New Health Plan Privacy Notice Requirements under HITECH Act
  • September 23, 2009
  • Law Firm: Haynes and Boone, LLP - Dallas Office
  • The Department of Health and Human Services ("HHS") recently issued an interim final rule (the "Rule") under the Health Information Technology for Economic and Clinical Health ("HITECH") Act explaining the notification requirements for breaches of protected health information that has not been encrypted or destroyed ("Unsecured PHI"). Employer-sponsored health plans should immediately review and revise their HIPAA privacy policies and procedures to ensure that they adequately address the Rule's requirements for investigating and reporting breaches of Unsecured PHI. The new requirements are effective for breaches occurring on or after September 23, 2009.