October 9, 2009 / Law Alert

Breach Notification Under the HITECH Act: Action Points for Employers Who Sponsor Self-Insured Group Health Plans

The Department of Health and Human Services recently issued an interim final rule under the HITECH Act requiring notification by HIPAA-covered entities of breaches of unsecured protected health information. Employers who sponsor self-insured group health plans need to take immediate action to ensure compliance with the new rule. Among other things, employers should be modifying written HIPAA privacy policies and procedures, training plan sponsor workforce members who are authorized to have access to protected health information, and modifying business associate agreements.