Stimulus 101 Understanding the HITECH Act



HITECH Act security-breach notification requirements: The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, imposes notification requirements on covered entities, business associates, vendors of personal health records (PHR) and related entities in the event of certain security breaches relating to protected health information (PHI). The U.S. Department of Health and Human Services (HHS) issued [http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitechrfi.pdf guidance] on the subject; HHS and the Federal Trade Commission (FTC) are working to harmonize their respective regulations and are seeking public comment with a view to issuing interim final regulations by August 17, 2009, the deadline imposed by the HITECH Act.