HITECH Act and HHS Update
The HITECH Act sets new standards for securing personal health information (PHI) and requires health organizations to comply with the rules by November 1, 2009. Regulatory requirements have been expanded to include HIPAA business associates in addition to existing HIPAA entities.
Currently, the FTC Red Flag Rule requires HIPAA covered entities as well as their associates and vendors to provide notice to consumers no more than 60 days following discovery of a breach. There are also stipulations in the Rule pertaining to the method and content of the breach notification.
Failure to bring programs into compliance by the November 1 deadline could leave organizations subject to steep new fines and other penalties in the event of a data breach.
The U.S. Department of Health and Human Services (HHS) has published guidelines to secure health information and prevent identity theft by rendering the information unusable, unreadable, or indecipherable to unauthorized individuals.