HIPAA Breach Notification Regulations Implemented
The Department of Health and Human Services (HHS) and the Federal Trade Commission (FTC) recently issued interim final rules that require notification in the event of a breach of unsecured protected health information (PHI). As detailed in the Compliance Alert dated June 1, 2009, the breach notification requirement is one of the numerous HIPAA changes made by the Health Information Technology for Economic and Clinical Health Act (HITECH), enacted in February as part of the American Recovery and Reinvestment Act (ARRA).
HHS Breach Notification Requirements
Effective September 23, 2009, all HIPAA covered entities and business associates will be required to notify individuals upon breaches of unsecured PHI. (NOTE: Unsecured PHI is defined as information that has not been rendered unusable, unreadable, or indecipherable by acceptable methods.) Additionally, if the breach involves 500 or more individuals, these entities will be required to notify HHS, as well as the local media.
FTC Breach Notification Requirements
Effective September 24, 2009, all vendors of personal health records will be required to notify individuals upon breaches of unsecured PHI.
Both the HHS and FTC indicated they will use enforcement discretion and will not impose sanctions for failing to comply with the breach notification requirements for a period of 180 days from publication of the Interim Final Rules (or until approximately February 2010).
For a detailed discussion of the breach notification requirements, including a list of suggested employer action items, please click here. Should you have additional questions regarding these new regulations, please contact our office at (919) 403-1986.
Important Notice: Hill, Chesson & Woody does not engage in the practice of law, accounting, or medicine. Therefore, the contents of this communication should not be regarded as a substitute for legal, tax, or medical advice.
September 9, 2009
Hill, Chesson & Woody Employee Benefit Services
194 Finley Golf Course Rd, Suite 200,
Chapel Hill, NC 27517
Phone: 919.403.1986
Fax: 919.869.2063
www.hcwbenefits.com