Posts tagged delay

business associate, covered entity, delay, exceptions, financial, reputational, or other harm, HIPAA, HITECH HIPAA breach notification covered entity business associate significan..., law enforcement, or other harm exceptions law enforcement delay risk assessment, reputational, risk assessment, significant risk

The New Health Care Breach Notification Landscape -- HHS Rules

By InfoLawGroup LLP on October 05, 2009

On February 17, 2009, Congress signed into law the Health Information Technology for Economic and Clinical Health or "HITECH" Act ("HITECH" or the "Act") as part of the American Recovery and Reinvestment Act. The HITECH Act requires entities covered by the Health Insurance Portability and Accountability Act ("HIPAA") to provide notification to affected individuals and to the Secretary of Health and Human Services ("HHS") following the discovery of a breach of unsecured protected health information. HITECH also requires business associates of HIPAA-covered entities to notify the covered entity in the event of the breach. The Act required HHS to issue interim final regulations with respect to the new breach notification requirements. On August 24, 2009, the HHS interim final regulations were published in the Federal Register.